Vulnerability-Lookup

WID-SEC-W-2025-2681

Vulnerability from csaf_certbund - Published: 2025-11-25 23:00 - Updated: 2025-11-26 23:00

Summary

IBM App Connect Enterprise: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.

Angriff

Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsmaßnahmen zu umgehen und Cross-Site-Scripting- oder Open-Redirect-Angriffe durchzuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und Cross-Site-Scripting- oder Open-Redirect-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2681 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2681.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2681 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2681"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-11-25",
        "url": "https://www.ibm.com/support/pages/node/7252675"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252722 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252722"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252719 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252719"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252720 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252720"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-26T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-27T08:17:16.029+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2681",
      "initial_release_date": "2025-11-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T032495",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.0.5.2",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c13.0.5.2",
                  "product_id": "T048908"
                }
              },
              {
                "category": "product_version",
                "name": "13.0.5.2",
                "product": {
                  "name": "IBM App Connect Enterprise 13.0.5.2",
                  "product_id": "T048908-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.12.20",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c12.0.12.20",
                  "product_id": "T048909"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.12.20",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.12.20",
                  "product_id": "T048909-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-56200",
      "product_status": {
        "known_affected": [
          "T048909",
          "T048908",
          "T032495"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-56200"
    },
    {
      "cve": "CVE-2025-57350",
      "product_status": {
        "known_affected": [
          "T048909",
          "T048908",
          "T032495"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-57350"
    },
    {
      "cve": "CVE-2025-64118",
      "product_status": {
        "known_affected": [
          "T048909",
          "T048908",
          "T032495"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-64118"
    }
  ]
}

CVE-2025-56200 (GCVE-0-2025-56200)

Vulnerability from cvelistv5 – Published: 2025-09-30 00:00 – Updated: 2025-09-30 19:36

Summary

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

mitre

References

URL

Tags

	http://validatorjs.com
	https://gist.github.com/junan-98/a93130505b258b9e…
	https://github.com/validatorjs/validator.js
	https://gist.github.com/junan-98/27ae092aa40e2a05…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-56200",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T19:34:38.959485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T19:36:11.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses \u0027://\u0027 as a delimiter to parse protocols, while browsers use \u0027:\u0027 as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T17:35:15.229Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://validatorjs.com"
        },
        {
          "url": "https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596"
        },
        {
          "url": "https://github.com/validatorjs/validator.js"
        },
        {
          "url": "https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-56200",
    "datePublished": "2025-09-30T00:00:00.000Z",
    "dateReserved": "2025-08-16T00:00:00.000Z",
    "dateUpdated": "2025-09-30T19:36:11.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-57350 (GCVE-0-2025-57350)

Vulnerability from cvelistv5 – Published: 2025-09-24 00:00 – Updated: 2025-09-24 19:15

Summary

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/Keyang/node-csvtojson/issues/498
	https://github.com/VulnSageAgent/PoCs/tree/main/J…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 8.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-57350",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-24T19:13:57.201684Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1321",
                "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-24T19:15:08.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-24T18:11:49.453Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/Keyang/node-csvtojson/issues/498"
        },
        {
          "url": "https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57350"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57350",
    "datePublished": "2025-09-24T00:00:00.000Z",
    "dateReserved": "2025-08-17T00:00:00.000Z",
    "dateUpdated": "2025-09-24T19:15:08.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-64118 (GCVE-0-2025-64118)

Vulnerability from cvelistv5 – Published: 2025-10-30 17:50 – Updated: 2025-10-30 18:42

Title

node-tar vulnerable to race condition leading to uninitialized memory exposure

Summary

node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.

Severity ?

6.1 (Medium)


                        
                          CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

GitHub_M

References

URL

Tags

	https://github.com/isaacs/node-tar/security/advis…	x_refsource_CONFIRM
	https://github.com/isaacs/node-tar/issues/445	x_refsource_MISC
	https://github.com/isaacs/node-tar/pull/446	x_refsource_MISC
	https://github.com/isaacs/node-tar/commit/5330eb0…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	isaacs	node-tar	Affected: = 7.5.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64118",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T18:41:54.563697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-30T18:42:19.663Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-tar",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "= 7.5.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T17:50:20.421Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph"
        },
        {
          "name": "https://github.com/isaacs/node-tar/issues/445",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-tar/issues/445"
        },
        {
          "name": "https://github.com/isaacs/node-tar/pull/446",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-tar/pull/446"
        },
        {
          "name": "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d"
        }
      ],
      "source": {
        "advisory": "GHSA-29xp-372q-xqph",
        "discovery": "UNKNOWN"
      },
      "title": "node-tar vulnerable to race condition leading to uninitialized memory exposure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64118",
    "datePublished": "2025-10-30T17:50:20.421Z",
    "dateReserved": "2025-10-27T15:26:14.128Z",
    "dateUpdated": "2025-10-30T18:42:19.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2681

CVE-2025-56200 (GCVE-0-2025-56200)

CVE-2025-57350 (GCVE-0-2025-57350)

CVE-2025-64118 (GCVE-0-2025-64118)

Tags

Sightings

Nomenclature