HTTP Header Injection Vulnerability in IBM InfoSphere Information Server
CVE-2025-14807

6.5 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 25 March 2026

What is CVE-2025-14807?

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected by an HTTP header injection vulnerability caused by improper validation of input in the HTTP Host header. The flaw could enable an attacker to carry out a range of malicious activities, including cross-site scripting, cache poisoning, and session hijacking. Users of the affected versions should apply patches and strengthen their security measures to prevent exploitation of this vulnerability.

Affected Version(s)

InfoSphere Information Server 11.7.0.0 <= 11.7.1.6

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved