Denial of Service Vulnerability in IBM Cloud Pak for Business Automation
CVE-2025-1838

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak For Business Automation
Vendor: CVE Published:; 3 May 2025

What is CVE-2025-1838?

An authenticated user can exploit a vulnerability in the authoring user interface of IBM Cloud Pak for Business Automation. This flaw allows them to bypass client-side data validation processes, potentially leading to a denial of service scenario. Users of affected versions should take immediate steps to implement security measures as outlined by IBM.

Affected Version(s)

Cloud Pak for Business Automation 24.0.1 <= 24.0.1 IF001

Cloud Pak for Business Automation 24.0.0 <= 24.0.0 IF004

References

https://www.ibm.com/support/pages/node/7232429

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2025
Vulnerability Reserved
Mar 2, 2025