CVE-2025-2138

🗓️ 12 Oct 2025 13:37:02Reported by ibmType

Authenticated user can delete others' comments in Doors Next via client side security bypass.

Reporter	Title	Published	Views	Family All 11
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews (CVE-2025-2139) and comments (CVE-2025-2138), email spoofing (CVE-2025-2140) and DoS attacks (CVE-2025-33096)	29 Oct 202522:18	–	ibm
Circl	CVE-2025-2138	12 Oct 202514:15	–	circl
CNNVD	IBM Engineering Requirements Management DOORS Next 安全漏洞	12 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-2138 IBM Engineering Requirements Management Doors Next data modification	12 Oct 202513:37	–	cvelist
EUVD	EUVD-2025-33893	12 Oct 202515:30	–	euvd
Tenable Nessus	IBM Engineering Requirements Management DOORS Next Multiple Vulnerabilities (7247716)	17 Oct 202500:00	–	nessus
NVD	CVE-2025-2138	12 Oct 202514:15	–	nvd
OSV	CVE-2025-2138	12 Oct 202514:15	–	osv
Positive Technologies	PT-2025-41720	12 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-2138	13 Oct 202514:21	–	redhatcve

NVD

Vulners

Node

ibm engineering_requirements_management_doors_nextMatch7.0.2

ibm engineering_requirements_management_doors_nextMatch7.0.3

ibm engineering_requirements_management_doors_nextMatch7.1

AND

ibm aixMatch-

linux linux_kernelMatch-

microsoft windowsMatch-

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Engineering Requirements Management Doors Next",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.2"
      },
      {
        "status": "affected",
        "version": "7.0.3"
      },
      {
        "status": "affected",
        "version": "7.1"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7247716

16 Oct 2025 14:25Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.13.5

EPSS0.00015

SSVC

CWE-602