IBM Planning Analytics 2.0/2.1 Session Hijack: Logout Fails to Invalidate
CVE-2025-33005 Published on June 1, 2025
IBM Planning Analytics Local session fixation
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Vulnerability Analysis
CVE-2025-33005 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2025-33005
stack.watch emails you whenever new vulnerabilities are published in IBM Planning Analytics Local or IBM Planning Analytics. Just hit a watch button to start following.
Affected Versions
IBM Planning Analytics Local:- Version 2.0 is affected.
- Version 2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.