CVE-2025-12531
Severity: CRITICAL
WAF Coverage: High
CVSS: 9.1
Published: 2025-11-03
CWE-611
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | infosphere_information_server | 11.7 - 11.7.1.6 |
References
- www.ibm.com (Vendor Advisory)