CVE-2025-2140

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7247716	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:::::::*
	cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:::::::*
	cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:::::::*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2025-10-12 14:15

Updated : 2025-10-16 14:32

NVD link : CVE-2025-2140

Mitre link : CVE-2025-2140

CVE.ORG link : CVE-2025-2140

JSON object : View

Products Affected

microsoft

windows

linux

linux_kernel

ibm

aix
engineering_requirements_management_doors_next

CWE

CWE-346

Origin Validation Error

{"id": "CVE-2025-2140", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2025-10-12T14:15:36.373", "references": [{"url": "https://www.ibm.com/support/pages/node/7247716", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data."}], "lastModified": "2025-10-16T14:32:22.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6702EFCC-2FC7-48F3-9356-40033D147332"}, {"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0634040A-046B-4F1D-AD33-7095D68429C5"}, {"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44B30C9-5962-4994-A810-B0E04561EDD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}