CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Description (NVD)
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Analysis (AI)
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an information disclosure vulnerability: sensitive data is carried in HTTP GET query strings, so an attacker with low privileges and network access who can intercept the traffic (man-in-the-middle) can read it. The CVSS v3.1 base score of 3.1 (Low) reflects the high attack complexity and the low privileges required. IBM has published a patch. The weakness is a classic cleartext credential exposure risk in an enterprise data integration platform.
Technical Context (AI)
The vulnerability stems from CWE-598 (Use of GET Request with Sensitive Query Strings), a protocol-level weakness in which sensitive parameters are sent in URL query strings instead of in a POST request body or another mechanism that keeps them out of the URL. Query parameters of HTTP GET requests are recorded in server access logs, browser history and proxy caches, and travel in cleartext when the connection is not encrypted. IBM InfoSphere Information Server (cpe:2.3:a:ibm:infosphere_information_server) is an enterprise data integration and governance platform that processes sensitive metadata and credentials. The affected versions (11.7.0.0 through 11.7.1.6) improperly pass authentication tokens or sensitive configuration data as GET parameters, leaving them open to interception and exposure. This is application-level protocol misuse rather than a cryptographic flaw.
Remediation (AI)
Upgrade IBM InfoSphere Information Server to version 11.7.1.7 or later; patch availability is confirmed on the IBM support page at https://www.ibm.com/support/pages/node/7266695.

Organizations that cannot patch immediately should apply the following compensating controls:
enforce HTTPS with TLS 1.2 or higher for all Information Server communications;
configure HTTP Strict-Transport-Security (HSTS) headers;
restrict network access to Information Server instances to trusted internal networks only;
monitor HTTP access logs for GET requests containing suspicious query parameters;
disable or restrict plain HTTP at the reverse proxy or firewall so that only HTTPS is accepted.

Note that TLS and HSTS close only the man-in-the-middle path: query-string parameters still end up in server and proxy access logs and in browser history (and can leak through Referer headers), so retention of and access to those logs should be reviewed as well. Finally, audit any credentials or sensitive configuration data that may have been exposed through logs and rotate them proactively.
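As an added illustration (not code from the advisory, IBM or vuln.today), the following Python script shows the detection side of the compensating controls above: it scans access-log lines for GET requests whose query parameters look like secrets (the CWE-598 pattern described in the technical context) and redacts those parameters before log lines are retained, which addresses the point that TLS alone does not keep query strings out of logs. The log lines, request paths and the list of sensitive parameter names are constructed for this example and are not taken from the affected product.

```python
"""Flag GET requests carrying sensitive-looking query parameters (CWE-598)
in web-server access logs, and redact those parameters before the line is
stored.  All sample data below is constructed for illustration."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Heuristic list of parameter names that commonly carry secrets.  This is an
# assumption for the example, not a list taken from the IBM advisory.
SENSITIVE_PARAM_RE = re.compile(
    r"(pass(word|wd)?|pwd|secret|token|api[_-]?key|session(id)?|auth|credential|ticket|jwt)",
    re.IGNORECASE,
)

# Common/combined log format:
#   client ident user [time] "METHOD target PROTO" status bytes ...
LOG_LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample access-log lines (hypothetical paths and values).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /console/login?username=alice&password=Hunter2 HTTP/1.1" 302 0',
    '10.0.0.5 - - [10/Mar/2025:12:00:02 +0000] "GET /api/items?page=2 HTTP/1.1" 200 1024',
    '10.0.0.7 - - [10/Mar/2025:12:00:03 +0000] "POST /console/login HTTP/1.1" 302 0',
    '10.0.0.9 - - [10/Mar/2025:12:00:04 +0000] "GET /api/jobs?apiKey=k-constructed-123&name=load HTTP/1.1" 200 512',
]


def sensitive_params(target):
    """Return the sorted names of sensitive-looking query parameters in a request target."""
    query = urlsplit(target).query
    return sorted({name for name, _ in parse_qsl(query, keep_blank_values=True)
                   if SENSITIVE_PARAM_RE.search(name)})


def find_cwe598(log_lines):
    """Return (client, target, param_names) for every GET request that exposes
    sensitive-looking parameters in its query string.  Non-GET requests are
    skipped: their parameters travel in the body, not the URL."""
    findings = []
    for line in log_lines:
        m = LOG_LINE_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        names = sensitive_params(m.group("target"))
        if names:
            findings.append((m.group("client"), m.group("target"), names))
    return findings


def redact_target(target):
    """Replace the values of sensitive parameters with a marker so that a
    retained log line no longer contains the secret itself."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    redacted = [(n, "REDACTED" if SENSITIVE_PARAM_RE.search(n) else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(redacted)))


if __name__ == "__main__":
    for client, target, names in find_cwe598(SAMPLE_LOG):
        print(f"{client} sent secrets in GET query string {names}: {redact_target(target)}")
```

Run the script against real access logs by replacing SAMPLE_LOG with the file's lines; the regex only covers the common/combined format, so adapt LOG_LINE_RE if the front-end proxy logs in a different layout. Because matching is on parameter names, it will miss secrets passed under innocuous names and may flag parameters such as "compass" that merely contain a keyword; treat hits as leads for review rather than confirmed exposures.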
EUVD ID: EUVD-2025-209016