CVE-2025-2670 MEDIUM

CVE-2025-2670: IBM OpenPages information disclosure

Vendor Ibm
Product OpenPages
Weakness CWE-497
Published July 9, 2025
Last update August 24, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state.

Key dates

02Disclosure timeline

July 9, 2025 CVE published
August 24, 2025 Record updated

Related vulnerabilities

04Related CVE