Authorization Validation Flaw in IBM Business Automation Workflow
CVE-2025-1495

4.3MEDIUM

Key Information:

Vendor: IBM
Status: IBM Business Automation Workflow
Vendor: CVE Published:; 3 May 2025

What is CVE-2025-1495?

IBM Business Automation Workflow versions 24.0.0, 24.0.1, and 24.0.1 IF001 are vulnerable to a security issue that allows the potential leakage of sensitive information. This vulnerability arises due to the absence of proper authorization validation, which could lead to unauthorized access and exposure of critical data.

Affected Version(s)

IBM Business Automation Workflow 24.0.1 <= 24.0.1 IF001

IBM Business Automation Workflow 24.0.0

References

https://www.ibm.com/support/pages/node/7232434

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2025
Vulnerability Reserved
Feb 20, 2025