First published: Tue Mar 25 2025(Updated: )
IBM UrbanCode Deploy (UCD) stores potentially sensitive authentication token information in log files that could be read by a local user.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM UrbanCode Deploy | <=7.1 - 7.1.2.21 | |
IBM UrbanCode Deploy | <=7.2 - 7.2.3.14 | |
IBM UrbanCode Deploy | <=7.3 - 7.3.2.9 | |
IBM UrbanCode Deploy | <=8.0 - 8.0.1.4 | |
IBM UrbanCode Deploy | <=8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-1998 is classified as a medium severity vulnerability due to the exposure of sensitive authentication tokens in log files.
To mitigate CVE-2025-1998, ensure that log files are properly secured and limit access to authorized users only.
CVE-2025-1998 affects IBM UrbanCode Deploy versions up to 7.1.2.21, 7.2 up to 7.2.3.14, 7.3 up to 7.3.2.9, and IBM DevOps Deploy versions up to 8.0.1.4.
Any organization using affected versions of IBM UrbanCode Deploy or IBM DevOps Deploy may be impacted by CVE-2025-1998.
Yes, users should check for the latest updates from IBM to remediate CVE-2025-1998 and secure their systems.