CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection

🗓️ 27 Mar 2025 14:39:48Reported by ibmType

IBM UrbanCode Deploy may allow unauthorized access and data exposure due to missing authentication.

Reporter	Title	Published	Views	Family All 9
CNNVD	IBM UrbanCode Deploy（IBM UCD）和IBM DevOps Deploy 安全漏洞	27 Mar 202500:00	–	cnnvd
CVE	CVE-2025-1997	27 Mar 202514:39	–	cve
EUVD	EUVD-2025-8500	3 Oct 202520:07	–	euvd
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to HTML injection vulnerability (CVE-2025-1997)	27 Mar 202500:19	–	ibm
NVD	CVE-2025-1997	27 Mar 202515:15	–	nvd
OSV	CVE-2025-1997	27 Mar 202515:15	–	osv
Positive Technologies	PT-2025-13207 · Ibm · Ibm Urbancode Deploy +1	27 Mar 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-1997	7 Jan 202609:18	–	redhatcve
Vulnrichment	CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection	27 Mar 202514:39	–	vulnrichment

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "UrbanCode Deploy",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "7.0.5.25",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.1.2.21",
        "status": "affected",
        "version": "7.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.2.3.14",
        "status": "affected",
        "version": "7.2",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.3.2.9",
        "status": "affected",
        "version": "7.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "DevOps Deploy",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "8.0.1.4",
        "status": "affected",
        "version": "8.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "8.1"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7229035

29 Sep 2025 18:09Current

CVSS 3.15.4

EPSS0.00106

CWE-80