IDOR in IBM InfoSphere Information Server < 11.7.1.7
CVE-2025-14974 Published on March 25, 2026

IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2025-14974 has been classified to as an Insecure Direct Object Reference / IDOR vulnerability or weakness.

Products Associated with CVE-2025-14974

Want to know whenever a new CVE is published for IBM Infosphere Information Server? stack.watch will email you.

IBM Infosphere Information Server

Affected Versions

IBM InfoSphere Information Server:

Version 11.7.0.0, <= 11.7.1.6 is affected.

Exploit Probability

EPSS

0.04%

Percentile

10.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IDOR in IBM InfoSphere Information Server < 11.7.1.7CVE-2025-14974 Published on March 25, 2026

Vulnerability Analysis

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

Products Associated with CVE-2025-14974

Affected Versions

Exploit Probability

IDOR in IBM InfoSphere Information Server < 11.7.1.7
CVE-2025-14974 Published on March 25, 2026