CVE-2025-13478 HIGH

CVE-2025-13478: Cache Misconfiguration Leading to Cross-User Data Exposure

Vendor Opentext
Product Identity Manager
Weakness CWE-522 · Insufficiently protected credentials
Published March 27, 2026
Last update March 27, 2026

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

What the vulnerability does

01Description

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1).

Key dates

02Disclosure timeline

March 27, 2026 CVE published
March 27, 2026 Record updated