Stored Cross-Site Scripting Vulnerability in IBM Cognos Analytics
CVE-2025-0917

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Cognos Analytics
Vendor: CVE Published:; 11 June 2025

What is CVE-2025-0917?

IBM Cognos Analytics versions 11.2.0 through 12.0.4 are susceptible to a stored cross-site scripting vulnerability that enables privileged users to inject arbitrary JavaScript code into the web user interface. This could lead to unauthorized actions within trusted sessions, jeopardizing sensitive data and potentially exposing user credentials.

Affected Version(s)

Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4

References

https://www.ibm.com/support/pages/node/7234674

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
Jan 30, 2025