Analysis Summary

CVE-2025-25029 CVSS:4.9

IBM Security Guardium could allow a privileged user to download any file on the system due to improper escaping of input.

CVE-2025-25025 CVSS:4.3

IBM Security Guardium could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

CVE-2025-25026 CVSS:4.3

IBM Security Guardium could allow an authenticated user to obtain sensitive information due to an incorrect authentication check.

Impact

• Information Disclosure

Indicators of Compromise

CVE

• CVE-2025-25029

• CVE-2025-25025

• CVE-2025-25026

Affected Vendors

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

IBM Security Advisory