Security Advisory regarding TIBCO BPM Enterprise

Article ID: KB0137660

Products Versions
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) 4.3.3 and below

Description

TIBCO BPM Enterprise XSS Vulnerability
Original release date: May 14, 2025
Last revised: ---

CVE-2025-2261

  • Description:

Stored XSS occurs when a web application gathers input from a user, which might be malicious, and then stores that input in a data store for later use without correctly filtering it.
As a consequence, the malicious data appears to be part of the web site and runs within the user's browser under the privileges of the web application.

  • Impact

The impact of this vulnerability includes the theoretical possibility that an attacker could manipulate the system with the same privileges as the logged-in user.
CVSS v4 Base Score: 7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Environment

Source: TIBCO Software Inc.

Products Affected:  TIBCO BPM Enterprise

Component Affected:  TIBCO ActiveMatrix Administrator

Resolution

TIBCO has released updated versions of the affected systems which address this issue:
  • TIBCO BPM Enterprise 4.3.4

Issue/Introduction

Security Advisory regarding TIBCO BPM Enterprise XSS Vulnerability

Additional Information