Cross-Site Scripting Vulnerability in IBM Engineering Workflow Management
CVE-2025-33128

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Workflow Management
Vendor: CVE Published:; 22 June 2026

What is CVE-2025-33128?

IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 020 and 7.1 through 7.1 Interim Fix 007 are susceptible to a cross-site scripting flaw. This vulnerability enables an authenticated user to inject arbitrary JavaScript code into the web interface, which can compromise the application's expected behavior. Consequently, this could result in sensitive information exposure, including credentials, within a secure session.

Affected Version(s)

Engineering Workflow Management 7.0.3 <= 7.0.3 Interim Fix 020

Engineering Workflow Management 7.1.0 <= 7.1 Interim Fix 007

References

https://www.ibm.com/support/pages/node/7276116

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-33128 Data

JSON