CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1495: IBM Business Automation Workflow missing authentication

4.3 CVSS

Description

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

Classification

CVE ID: CVE-2025-1495

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-306 Missing Authentication for Critical Function

Affected Products

Vendor: IBM

Product: IBM Business Automation Workflow

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.36% (scored less or equal to compared to others)

EPSS Date: 2025-06-01 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1495
https://www.ibm.com/support/pages/node/7232434

Timeline

2025-05-03 17:40:10 UTC
CVE

IBM Business Automation Workflow missing authentication