CVE-2025-2138
BaseFortify
Publication date: 2025-10-12
Last updated on: 2025-10-16
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | engineering_requirements_management_doors_next | 7.0.2 |
| ibm | engineering_requirements_management_doors_next | 7.0.3 |
| ibm | engineering_requirements_management_doors_next | 7.1 |
| ibm | aix | * |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-2138 is a security vulnerability in IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1.0 that allows an authenticated user on the network to delete comments made by other users. This happens because the product enforces security controls on the client side rather than properly on the server side, leading to broken access control (CWE-602). [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated user with network access to delete comments created by other users, which affects the integrity of the data. Although it does not impact confidentiality or availability, it can lead to loss or manipulation of important comment information within the system. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should install the specific interim fixes (ifixes) provided by IBM for your version of IBM Engineering Requirements Management DOORS Next: ifix 36 for version 7.0.2, ifix 19 or newer for version 7.0.3, and ifix 05 or newer for version 7.1.0. No other workarounds or mitigations are provided. [1]