Sensitive Information Exposure in IBM InfoSphere Information Server DataStage Flow Designer
CVE-2025-25046

3.7LOW

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-25046?

The IBM InfoSphere Information Server 11.7 DataStage Flow Designer is vulnerable to an information exposure issue. This vulnerability allows sensitive information to be transmitted through URL or query parameters. If exploited, unauthorized actors could intercept this data using man-in-the-middle techniques, leading to potential data breaches and other security risks. Users are advised to review their configurations and implement necessary security measures to mitigate this risk.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7231333

vendor-advisory

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Feb 1, 2025