PT-2025-17301 · IBM · IBM i +1

Glenn Robbers · Published 2025-04-18 · Updated 2025-07-04 · CVE-2025-2950

CVSS v2.0: 5.5 Medium · Vector AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM i versions 7.3 through 7.5

Description

The issue is caused by improper neutralization of HTTP header content by IBM Navigator for i, allowing an authenticated user to manipulate the Host header in HTTP requests. This can lead to changing the domain/IP address, resulting in unexpected behavior.

Recommendations

For IBM i versions 7.3 through 7.5, consider restricting access to the IBM Navigator for i to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Host header in HTTP requests to the affected IBM Navigator for i until the issue is resolved.

Related Identifiers

BDU:2025-05153
CVE-2025-2950

Affected Products

IBM Navigator for i
IBM i