CVE-2025-2950: IBM i improper HTTP header neutralization

5.4 CVSS

Description

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the Host header in HTTP requests to change the domain/IP address, which may lead to unexpected behavior.

Classification

CVE ID: CVE-2025-2950

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem Types

CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

Affected Products

Vendor: IBM

Product: i

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2950
https://www.ibm.com/support/pages/node/7231320

Timeline