CVE-2025-0895

Published Mar 2, 2025

Last updated 15 days ago

CVSS low 2.4

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0895 is an information disclosure vulnerability affecting IBM Cognos Analytics Mobile version 1.1 for Android. A user with physical access to a device running the affected software could potentially obtain sensitive information from debugging code log messages. This vulnerability has been assigned the Common Weakness Enumeration (CWE) identifier CWE-215, which refers to the insertion of sensitive information into debugging code. This vulnerability was first identified on January 30, 2025, and is considered relatively easy to exploit locally. It does not require any specific authentication to exploit. IBM has published an advisory regarding this vulnerability, and upgrading the affected software is the recommended mitigation strategy.

Description
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
2.4
Impact score
1.4
Exploitability score
0.9
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

psirt@us.ibm.com
CWE-215

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0895 🟢 LOW (2.4) 🏢 IBM - Cognos Analytics Mobile 🏗️ 1.1 🔗 https://t.co/dVnaLqxdd8 #CyberCron #VulnAlert #InfoSec https://t.co/XYs3NpjGpQ

    @cybercronai

    4 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-0895 IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. https://t.co/DmJ4DuoEPq

    @CVEnew

    3 Mar 2025

    300 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. New post from https://t.co/uXvPWJy6tj (CVE-2025-0895 | IBM Cognos Analytics Mobile 1.1 on Android insertion of sensitive information into debugging code) has been published on https://t.co/DyeuplIfKS

    @WolfgangSesin

    3 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2025-0895 🟢 LOW (2.4) 🏢 IBM - Cognos Analytics Mobile 🏗️ 1.1 🔗 https://t.co/dVnaLqxdd8 #CyberCron #VulnAlert #InfoSec @IBM https://t.co/jYkTb68Kub

    @cybercronai

    2 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-0895 03/02/2025 04:15:35 PM BaseSeverity: LOW IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. https://t.co/dyTMjVjmXh

    @CVETracker

    2 Mar 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References