#VU113623 Open redirect in Operational Decision Manager - CVE-2025-2824

 

Published: August 5, 2025


Vulnerability identifier: #VU113623
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:H/SA:N/E:U/U:Green
CVE-ID: CVE-2025-2824
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Operational Decision Manager
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted web site and, by spoofing the displayed URL, redirect the user to a malicious web site that appears to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.


Remediation

Install updates from the vendor's website.

External links