CVE-2025-33135
Received Received - Intake
Cross-Site Scripting in IBM Financial Transaction Manager UI

Publication date: 2026-02-17

Last updated on: 2026-02-17

Assigner: IBM Corporation

Description
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-33135
EUVD
EUVD-2025-207804
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm financial_transaction_manager From 3.0.0.0 (inc) to 3.0.5.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform versions 3.0.0.0 through 3.0.5.4 Interim Fix 027. It is a cross-site scripting (XSS) vulnerability that allows an unauthenticated attacker to inject arbitrary JavaScript code into the web user interface.

By embedding malicious scripts, the attacker can alter the intended functionality of the web interface.

Impact Analysis

The vulnerability can lead to the disclosure of user credentials within a trusted session, as the injected JavaScript code can capture sensitive information.

Since the attacker does not need to be authenticated, this increases the risk of unauthorized access and potential compromise of user accounts.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33135. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart