CVE-2025-25025: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 12.0 contains a vulnerability (CVE-2025-25025) that allows remote attackers to obtain sensitive information through detailed technical error messages displayed in the browser. The vulnerability was disclosed on May 27, 2025, and affects version 12.0 of the software (IBM Advisory, NVD).

The vulnerability is classified as CWE-209 (Generation of Error Message Containing Sensitive Information). It has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This scoring indicates that the vulnerability requires low attack complexity, requires low privileges, and can be exploited remotely without user interaction (IBM Advisory, Wiz).

When exploited, the vulnerability allows attackers to obtain sensitive system information through detailed technical error messages displayed in the web browser. This exposed information could potentially be used as intelligence for conducting further attacks against the target system (IBM Advisory).

IBM has released an update to address this vulnerability in IBM Guardium Data Protection 12.0. Customers are encouraged to promptly update their systems with the available fix from IBM Fix Central (IBM Advisory).