Main Vulnerability Database SB2025122948

SB2025122948 - Multiple vulnerabilities in IBM Edge Data Collector

Published: December 29, 2025

Security Bulletin ID SB2025122948

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Origin validation error (CVE-ID: CVE-2025-30360)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect Origin validation in webpack-dev-server/lib/Server.js. A remote attacker can trick the application into connecting to a malicious website with a non-Chromium browser and and share its source code with it, a.k.a. cross-site WebSocket hijacking.

2) Missing Origin Validation in WebSockets (CVE-ID: CVE-2018-14732)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing origin validation on the WebSocket interface in lib/Server.js. A remote attacker can trick the victim into visiting a malicious website that can open a WebSocket connection to localhost and access component source code.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7255942