IBM OpenPages Host Header Injection_CVE-2025-36223

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Basic Information

ID CVE-2025-36223

Source ibm

Published Nov 12, 2025 at 21:04

Affected Product

Vendor IBM

Product OpenPages

Version 9.0

Affected Versions IBM OpenPages 9.0
IBM OpenPages 9.1

CWE Classification

CWE-644

References

www.ibm.com /support/pages/node/7250239

{
    "lastseen": "",
    "description": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
    "published": "2025-11-12T21:04:45.915Z",
    "modified": "2025-11-12T21:04:45.915Z",
    "type": "cve",
    "title": "IBM OpenPages Host Header Injection",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7250239",
    "id": "CVE-2025-36223",
    "bulletinFamily": "",
    "cwe": [
        "CWE-644"
    ],
    "cvelist": null,
    "sourceData": "IBM OpenPages 9.0\nIBM OpenPages 9.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenPages",
    "version": "9.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}