CVE-2025-12531CRITICAL 9.1EPSS p50.3%

CVE-2025-12531CVE-2025-12531

Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.76% probability of exploitation · percentile 50.3% · 2026-06-18T12:00:27Z
Published2025-11-03
Last modified2025-11-05

Underlying weaknesses· 1

CWE-611

References

  1. https://www.ibm.com/support/pages/node/7249881

1

TypeTargetConfidenceTier
WeaknessImproper Restriction of XML External Entity Referencecwe-6110%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-36049
CVE
CVE-2025-36247
CVE
CVE-2025-10713
CVE
CVE-2026-3603
CVE
CVE-2025-36245
CVE
CVE-2025-2905
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.