Vulnerability Management, Cloud Security, Patch/Configuration Management

IBM Cloud Pak flaws expose firms to cyber risks

IBM has disclosed multiple security vulnerabilities in its Cloud Pak System that could allow remote attackers to compromise system integrity through HTML injection and prototype pollution, reports GBHackers News.

The HTML injection flaw, CVE-2025-2895, permits attackers to embed malicious scripts into web pages, potentially enabling session hijacking and credential theft, while the prototype pollution vulnerability, CVE-2020-5258, targets the Dojo NPM package, allowing malicious actors to manipulate application logic and execute arbitrary code. Affected versions span both Intel and Power architectures, with IBM urging customers to upgrade to version 2.3.6.0 or contact support for patches. These threats are compounded by other critical issues across the Cloud Pak ecosystem, including authentication bypasses and cryptographic weaknesses. IBM advises immediate patching, comprehensive system audits, and enhanced monitoring to minimize risk. As attackers increasingly exploit such vectors, the flaws highlight the urgent need for enterprises to strengthen their cloud infrastructure security posture and ensure timely mitigation of known exploits.
