CVE-2025-27900

MEDIUM

IBM DB2 Recovery Expert 5.5 IF002 - Open Redirect

Title source: llm

Description

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

References (1)

[Various Sources] https://www.ibm.com/support/pages/node/7259901

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 11.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

ibm/db2_recovery_expert 5.5.0 interim_fix_002 (3 CPE variants)

Published Feb 17, 2026

Tracked Since Feb 18, 2026