CVE-2025-0719

Medium CVSS 6.1

Overview

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CWE: CWE-79 Published: 2025-02-26T14:15:11.587

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: unauth_access, xss (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags