CVE-2025-2236

LOW

OpenText Advanced Authentication <6.5 - Info Disclosure

Title source: llm

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5.

References (1)

[Various Sources] https://portal.microfocus.com/s/article/KM000039947

Scores

CVSS v4 2.1

EPSS 0.0007

EPSS Percentile 21.6%

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:N/V:C/RE:M/U:Red

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (1)

OpenText/Advanced Authentication < 6.5

Published May 27, 2025

Tracked Since Feb 18, 2026