Main Vulnerability Database SB2025062506

SB2025062506 - IBM watsonx Code Assistant IDE Extensions update for Prism

Published: June 25, 2025

Security Bulletin ID SB2025062506

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: CVE-2024-53382)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to Prism (aka PrismJS) allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7237716