Open redirect in Operational Decision Manager - CVE-2025-2824
Published: August 5, 2025
Vulnerability identifier: #VU113623
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:H/SA:N/E:U/U:Green
CVE-ID: CVE-2025-2824
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Operational Decision Manager
Operational Decision Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted Web site to exploit this vulnerability and spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
How to mitigate CVE-2025-2824
Install updates from vendor's website.