CVE-2025-36016 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-36016

Analyzed

More Info Official Page

Source-psirt@us.ibm.com

Published At-21 Jun, 2025 | 13:15

Updated At-21 Aug, 2025 | 01:10

IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Primary	3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Type: Primary

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CPE Matches

IBM Corporation

>>process_mining>>2.0.1

cpe:2.3:a:ibm:process_mining:2.0.1:-:*:*:*:*:*:*

IBM Corporation

>>process_mining>>2.0.1

cpe:2.3:a:ibm:process_mining:2.0.1:interim_fix_001:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	psirt@us.ibm.com

CWE ID: CWE-601

Type: Primary

Source: psirt@us.ibm.com

References

Hyperlink	Source	Resource
https://www.ibm.com/support/pages/node/7237502	psirt@us.ibm.com	Vendor Advisory

Hyperlink: https://www.ibm.com/support/pages/node/7237502

Source: psirt@us.ibm.com

Resource:

Vendor Advisory