CVE-2025-2236: Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.

2.1 CVSS

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services.

This issue affects Advanced Authentication versions before 6.5.

Classification

CVE ID: CVE-2025-2236

CVSS Base Severity: LOW

CVSS Base Score: 2.1

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:N/V:C/RE:M/U:Red

Problem Types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

Vendor: OpenText

Product: Advanced Authentication

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.8% (scored less or equal to compared to others)

EPSS Date: 2025-06-06 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2236
https://portal.microfocus.com/s/article/KM000039947

Timeline

2025-05-27 16:40:16 UTC
CVE

Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.