Sensitive Data Exposure in IBM Planning Analytics by IBM
CVE-2025-14806

5.7MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics Local
Vendor: CVE Published:; 17 March 2026

What is CVE-2025-14806?

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 may allow attackers to manipulate the caching mechanism, enabling the unintended storage and serving of sensitive, user-specific responses as publicly accessible resources. This flaw poses a significant risk to user privacy and data confidentiality.

Affected Version(s)

Planning Analytics Local 2.1.0 <= 2.1.17

References

https://www.ibm.com/support/pages/node/7263581

vendor-advisorypatch

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2026
Vulnerability Reserved
Dec 16, 2025

CVE-2025-14806 Data

JSON