Ibm · Ibm I · CVE-2025-2950
**Name of the Vulnerable Software and Affected Versions**
IBM i versions 7.3 through 7.5
**Description**
The issue is caused by improper neutralization of HTTP header content by IBM Navigator for i, allowing an authenticated user to manipulate the host header in HTTP requests. This can lead to changing the domain/IP address, resulting in unexpected behavior.
**Recommendations**
For IBM i versions 7.3 through 7.5, consider restricting access to the IBM Navigator for i to minimize the risk of exploitation until a patch is available.
As a temporary workaround, avoid using the `host` header in HTTP requests to the affected IBM Navigator for i until the issue is resolved.