CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1138: IBM Information Server information disclosure

4.3 CVSS

Description

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

Classification

CVE ID: CVE-2025-1138

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-548 Exposure of Information Through Directory Listing

Affected Products

Vendor: IBM

Product: InfoSphere Information Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.45% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1138
https://www.ibm.com/support/pages/node/7230295

Timeline

2025-05-15 21:40:24 UTC
CVE

IBM Information Server information disclosure