PT-2025-44790 · IBM · IBM InfoSphere Information Server

Published: 2025-11-03 · Updated: 2025-11-04 · CVE-2025-12531

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6

Description: IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are susceptible to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could potentially exploit this issue to disclose sensitive information or exhaust memory resources. An XML external entity (XXE) attack occurs when an XML parser processes XML input that contains a reference to an external entity. This can allow an attacker to include arbitrary files, potentially exposing sensitive data or causing a denial-of-service condition.

Recommendations: Update IBM InfoSphere Information Server to a version later than 11.7.1.6.

Fix

XXE

Weakness Enumeration

Related Identifiers: CVE-2025-12531

Affected Products: IBM InfoSphere Information Server