Cyber Resilience

CVE-2025-0923

Medium

Published: 11 June 2025

Published
11 June 2025
Modified
17 June 2025
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0022 45.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0923 is a medium-severity Inclusion of Sensitive Information in Source Code (CWE-540) vulnerability in Ibm Cognos Analytics. Its CVSS base score is 5.3 (Medium).

Operationally, ranked at the 45.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

ibm
cognos analytics
11.2.4 · 11.2.0 — 11.2.4 · 12.0.0 — 12.0.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-540

Detection and removal of spilled information addresses cases where sensitive data was included in source code.

addresses: CWE-540

Screening helps prevent intentional insertion of sensitive information into source code by untrusted developers.

addresses: CWE-540

Prevents inclusion of sensitive information in source code and development artifacts through SDLC-wide OPSEC controls.

References