CVE-2025-2140

MEDIUM

IBM Engineering Requirements Management Doors Next <7.1 - Auth Bypass

Title source: llm

Description

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7247716

Scores

CVSS v3 5.7

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-346

Status published

Products (3)

ibm/engineering_requirements_management_doors_next 7.0.2

ibm/engineering_requirements_management_doors_next 7.0.3

ibm/engineering_requirements_management_doors_next 7.1

Published Oct 12, 2025

Tracked Since Feb 18, 2026