Multiple WordPress Plugins Vulnerabilities

April 25, 2025

Microsoft’s Symlink Update Introduces New DoS Vulnerability

April 25, 2025

Multiple IBM Products Vulnerabilities

April 25, 2025

Severity

Medium

Analysis Summary

CVE-2025-2986 CVSS:5.5

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2024-55895 CVSS:2.7

IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Impact

Cross-site Scripting
Information Disclosure

Indicators of Compromise

CVE

CVE-2025-2986
CVE-2024-55895

Affected Vendors

Affected Products

IBM InfoSphere Information Server - 11.7
IBM Maximo Asset Management - 7.6.1.3

Remediation

Upgrade to the latest version of InfoSphere Information Server, available from the IBM Security Advisory.

CVE-2025-2986

CVE-2024-55895

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple WordPress Plugins Vulnerabilities

Microsoft’s Symlink Update Introduces New DoS Vulnerability

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.