CVE-2025-3440

5.5 MEDIUM

📋 TL;DR

IBM Security Guardium 11.5 contains a stored cross-site scripting (XSS) vulnerability that allows a privileged user to inject malicious JavaScript into the web interface. Because the script is stored, it executes in the authenticated sessions of other users who later view the affected page, which could enable an attacker to steal credentials or perform unauthorized actions on those users' behalf. Only users with administrative privileges can plant the payload, so the vulnerability cannot be triggered by standard users.

💻 Affected Systems

Products:
  • IBM Security Guardium
Versions: 11.5
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires privileged user access to exploit; standard users cannot trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged attacker steals administrator credentials, gains full system control, and exfiltrates sensitive security data from Guardium deployments.

🟠 Likely Case

Malicious insider or compromised admin account uses stored XSS to steal session cookies or credentials from other administrators.

🟢 If Mitigated

With proper access controls and input validation, impact is limited to isolated UI manipulation without credential theft.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires privileged access to the Guardium web interface; no public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix per IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7233600

Restart Required: Yes

Instructions:

1. Review IBM advisory 7233600
2. Download appropriate fix from IBM Fix Central
3. Apply fix following IBM documentation
4. Restart Guardium services
5. Verify fix application

🔧 Temporary Workarounds

Input Validation Enhancement (all)

Implement additional input validation for all user-controllable fields in the Guardium web interface.

Privilege Reduction (all)

Review and minimize the number of users with administrative privileges in Guardium.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to limit script execution
  • Monitor privileged user activities and audit all administrative actions in Guardium

🔍 How to Verify

Check if Vulnerable:

Check Guardium version via web interface or command line; version 11.5 is vulnerable

Check Version:

grdapi getVersion or check via Guardium web interface

Verify Fix Applied:

Verify fix application through Guardium patch management interface or version check

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative user activity
  • Multiple failed login attempts from admin accounts
  • Script-like content (for example, JavaScript) recorded in audit-logged field values

Network Indicators:

  • Unexpected outbound connections from Guardium server
  • Credential exfiltration patterns

SIEM Query:

source="guardium" AND (event_type="admin_action" OR user="admin") AND action="modify_ui"
