CVE-2025-2895

Published Jun 30, 2025

Last updated 18 days ago

CVSS medium 5.4

Overview

Description
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Source
psirt@us.ibm.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

psirt@us.ibm.com
CWE-80

Social media

Hype score
Not currently trending

  1. CVE-2025-2895 HTML Injection Vulnerability in IBM Cloud Pak System Multiple Versions https://t.co/Pr6K7szLMe

    @VulmonFeeds

    30 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-2895 IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject … https://t.co/ZczwQv0lh7

    @CVEnew

    30 Jun 2025

    300 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.