CVE-2025-36223

5.4 MEDIUM

📋 TL;DR

IBM OpenPages 9.0 and 9.1 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject malicious content into HTTP responses, potentially enabling cross-site scripting, cache poisoning, or session hijacking attacks. Organizations running these specific versions of IBM OpenPages are affected.

💻 Affected Systems

Products:
  • IBM OpenPages
Versions: 9.0 and 9.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack user sessions, steal sensitive data, or redirect users to malicious sites through successful cross-site scripting or cache poisoning attacks.

🟠 Likely Case

Attackers could inject malicious scripts or content into web pages viewed by users, potentially stealing session cookies or credentials.

🟢 If Mitigated

With proper input validation and output encoding controls, the impact would be limited to minor information disclosure or denial of service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

HTTP header injection typically requires minimal technical skill to exploit once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the fix as described in IBM Security Bulletin

Vendor Advisory: https://www.ibm.com/support/pages/node/7250239

Restart Required: Yes

Instructions:

1. Review IBM Security Bulletin for specific patch details
2. Download and apply the appropriate fix from IBM Fix Central
3. Restart the OpenPages application server
4. Verify the fix is properly applied

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block malicious HOST header injections

Reverse Proxy Filtering

all

Configure reverse proxy to validate and sanitize HOST headers before reaching OpenPages

🧯 If You Can't Patch

  • Implement strict input validation at network perimeter devices
  • Monitor for unusual HOST header patterns in web server logs

🔍 How to Verify

Check if Vulnerable:

Check OpenPages version via administrative interface or by examining installed packages

Check Version:

Check OpenPages version in administrative console or via package manager

Verify Fix Applied:

Verify patch installation through IBM Fix Central verification or version check

📡 Detection & Monitoring

Log Indicators:

  • Unusual HOST header patterns in web server logs
  • Multiple failed injection attempts

Network Indicators:

  • HTTP requests with malformed or unusually long HOST headers
  • Requests containing script tags or special characters in HOST headers

SIEM Query:

Search for web logs containing suspicious HOST header patterns (e.g., containing <script>, javascript:, or unusual characters)
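
One way to turn the log and network indicators above into a repeatable check, as an added example (not code from IBM or from this advisory). It assumes an access-log layout that records the Host header as a quoted field, a placeholder allow-list of hostnames, and a 255-character length threshold; all sample lines are constructed.

```python
import re

# Assumption: Host values this deployment legitimately serves (placeholder names).
ALLOWED_HOSTS = {"openpages.example.internal", "openpages.example.internal:443"}
MAX_HOST_LEN = 255  # assumed threshold for "unusually long"
# Assumed access-log layout: client [time] "Host header" "request line" status
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([^"]*)" "([^"]*)" (\d{3})$')
# Hostname, IPv4 or bracketed IPv6 literal, with optional port.
HOST_SYNTAX = re.compile(r'^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$')
MARKUP = re.compile(r'<\s*script|javascript:', re.IGNORECASE)

def classify_host(host):
    """Return the list of reasons a Host value is suspicious (empty list = clean)."""
    reasons = []
    if len(host) > MAX_HOST_LEN:
        reasons.append("too_long")
    if MARKUP.search(host):
        reasons.append("markup")
    if not HOST_SYNTAX.match(host):
        reasons.append("bad_syntax")
    if host.lower() not in ALLOWED_HOSTS:
        reasons.append("not_allowlisted")
    return reasons

def scan(lines):
    """Return (line_number, client, host, reasons) for each suspicious or unparsable line."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            findings.append((n, None, None, ["unparsable"]))
            continue
        client, _, host, _, _ = m.groups()
        reasons = classify_host(host)
        if reasons:
            findings.append((n, client, host, reasons))
    return findings

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '10.0.0.5 [12/Mar/2025:10:00:01 +0000] "openpages.example.internal" "GET /openpages/ HTTP/1.1" 200',
    '203.0.113.9 [12/Mar/2025:10:00:07 +0000] "other.example.net" "GET /openpages/ HTTP/1.1" 200',
    '203.0.113.9 [12/Mar/2025:10:00:09 +0000] "<script>x</script>" "GET /openpages/ HTTP/1.1" 400',
    '203.0.113.9 [12/Mar/2025:10:00:11 +0000] "' + "a" * 300 + '.example.net" "GET / HTTP/1.1" 400',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The allow-list check is the strongest signal: a syntactically valid Host value that is not one the deployment serves is still flagged.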
