Cross-Site Scripting in IBM Copy Services Manager
CVE-2025-36248

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Copy Services Manager
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-36248?

IBM Copy Services Manager version 6.3.13 is susceptible to cross-site scripting (XSS) attacks. This vulnerability enables an authenticated user to inject arbitrary JavaScript code into the application’s web interface. By exploiting this flaw, attackers can manipulate the functionality of the web UI, potentially leading to the exposure of sensitive information such as user credentials within an authenticated session. It is crucial for users to apply security measures and updates to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Copy Services Manager 6.3.13

References

https://www.ibm.com/support/pages/node/7245562

vendor-advisorypatch

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 15, 2025

JSON

IBM