CVE-2025-2138
LOWDescription
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | engineering_requirements_management_doors_next |
| ibm | engineering_requirements_management_doors_next |
| ibm | engineering_requirements_management_doors_next |
| ibm | aix |
| linux | linux_kernel |
| microsoft | windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-2138? +
How severe is CVE-2025-2138? +
What products are affected by CVE-2025-2138? +
How do I check if I'm vulnerable to CVE-2025-2138? +
Related Vulnerabilities
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 …
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A …
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an …
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), …
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), …
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), …