{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2697","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-03-23T16:28:25.483Z","datePublished":"2025-08-26T16:47:25.981Z","dateUpdated":"2025-08-26T17:36:08.348Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Cognos Command Center","vendor":"IBM","versions":[{"status":"affected","version":"10.2.4.1"},{"status":"affected","version":"10.2.5"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Cognos Command Center 10.2.4.1 and 10.2.5 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."}],"value":"IBM Cognos Command Center 10.2.4.1 and 10.2.5 \n\ncould allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"CWE-601 URL Redirection to Untrusted Site ('Open Redirect')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-26T16:47:25.981Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7242159"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM strongly recommends addressing the vulnerability now by upgrading.

Affected Product(s)VersionFix
IBM Cognos Command Center10.2.5IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central
IBM Cognos Command Center10.2.4.1IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central
\n\n
"}],"value":"IBM strongly recommends addressing the vulnerability now by upgrading.\n\nAffected Product(s)VersionFixIBM Cognos Command Center10.2.5 IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central https://www.ibm.com/support/pages/node/7239167 IBM Cognos Command Center10.2.4.1 IBM Cognos Command Center 10.2.5 FP1 IF1 available for download from Fix Central https://www.ibm.com/support/pages/node/7239167"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Cognos Command Center HTTP Open Redirect","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-26T17:36:02.720697Z","id":"CVE-2025-2697","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-26T17:36:08.348Z"}}]}}