PT-2025-26503 · IBM · IBM Process Mining

Published: 2025-06-21 · Updated: 2025-06-21 · CVE-2025-36016

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: IBM Process Mining versions 2.0.1 through 2.0.1 IF001
Description: The issue allows a remote attacker to conduct phishing attacks by means of an open redirect. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this to spoof the URL displayed, redirecting the user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
Recommendations: For IBM Process Mining versions 2.0.1 through 2.0.1 IF001, consider restricting access to the affected Web site to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using links from untrusted sources to prevent redirecting to malicious Web sites.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2025-09711
CVE-2025-36016

Affected Products

IBM Process Mining