CVE-2025-36016 PUBLISHED

IBM Process Mining HTTP open redirect

Assigner: ibm
Reserved: 15.04.2025 Published: 21.06.2025 Updated: 21.06.2025

IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
CVSS Score: 6.8

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Process Mining
Versions	Default: unaffected Version 2.0.1 IF001, 2.0.1 is affected

Solutions

IBM Process Mining 2.0.1 IF001, 2.0.1<br /> Upgrade to version 2.0.2 https://www.ibm.com/docs/en/process-mining/2.0.2

References

https://www.ibm.com/support/pages/node/7237502

Problem Types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect') CWE