CVE-2025-2141

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
References
Link Resource
https://www.ibm.com/support/pages/node/7238556 Vendor Advisory
Configurations

Configuration 1

AND
cpe:2.3:o:ibm:3948-vef_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3948-vef:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:ibm:3948-ved_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3948-ved:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:ibm:3957-ved_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3957-ved:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:ibm:3957-ved_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3957-ved:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:ibm:3948-ved_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3948-ved:-:*:*:*:*:*:*:*

History

30 Sep 2025, 20:30

Type Values Removed Values Added
References () https://www.ibm.com/support/pages/node/7238556 - () https://www.ibm.com/support/pages/node/7238556 - Vendor Advisory
CPE cpe:2.3:o:ibm:3948-vef_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:3957-ved_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3948-vef:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3957-ved:-:*:*:*:*:*:*:*
cpe:2.3:h:ibm:3948-ved:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:3948-ved_firmware:*:*:*:*:*:*:*:*
First Time Ibm
Ibm 3957-ved Firmware
Ibm 3957-ved
Ibm 3948-vef Firmware
Ibm 3948-vef
Ibm 3948-ved Firmware
Ibm 3948-ved

03 Jul 2025, 15:14

Type Values Removed Values Added
Summary
  • (es) IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115 and 3948 VEF R6.0 8.60.0.115 are vulnerable to cross-site scripting attacks. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the web interface, thereby altering the intended functionality, which could lead to the disclosure of credentials within a trusted session.

01 Jul 2025, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-01 01:15

Updated : 2025-09-30 20:30


NVD link : CVE-2025-2141

Mitre link : CVE-2025-2141

CVE.ORG link : CVE-2025-2141


Products Affected

ibm

  • 3948-ved_firmware
  • 3957-ved
  • 3948-vef_firmware
  • 3948-ved
  • 3948-vef
  • 3957-ved_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')