CVE-2025-36121: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in IBM OpenPages
IBM OpenPages 9.1 and 9.0 are vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
AI Analysis
Technical Summary
CVE-2025-36121 is an HTML injection vulnerability classified under CWE-80, affecting IBM OpenPages versions 9.0 and 9.1. The vulnerability arises from improper neutralization of script-related HTML tags, allowing an attacker with remote authenticated access and low privileges to inject malicious HTML or script code into the web application. When a victim user views the injected content, the malicious code executes within the security context of the OpenPages site, potentially leading to theft of session tokens, unauthorized actions, or data leakage. The attack requires the attacker to be authenticated and the victim to interact with the malicious content, which limits the attack surface but does not eliminate risk. The vulnerability does not affect availability but impacts confidentiality and integrity to a limited extent. IBM has not yet released patches, and no exploits in the wild have been documented, but the presence of this vulnerability in a governance, risk, and compliance platform is concerning due to the sensitive nature of the data processed. Mitigation involves applying patches when available, enforcing strict input validation and output encoding, and employing Content Security Policy (CSP) headers to reduce the risk of script execution. Monitoring for suspicious user activity and educating users about phishing attempts can also reduce exploitation likelihood.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to confidentiality and integrity of sensitive governance and compliance data managed within IBM OpenPages. Attackers exploiting this flaw could hijack user sessions, perform unauthorized actions, or steal sensitive information, potentially leading to regulatory compliance violations under GDPR and other frameworks. The requirement for authentication and user interaction reduces the likelihood of widespread automated exploitation but targeted attacks against privileged users or administrators remain a concern. Organizations in finance, healthcare, and critical infrastructure sectors using OpenPages may face increased risk due to the strategic importance of their data. Additionally, reputational damage and operational disruptions could arise if attackers leverage this vulnerability to escalate privileges or move laterally within networks. The absence of known exploits in the wild currently limits immediate impact, but proactive mitigation is essential to prevent future attacks.
Mitigation Recommendations
1. Monitor IBM’s security advisories closely and apply official patches or updates for OpenPages 9.0 and 9.1 as soon as they become available.
2. Implement strict input validation on all user-supplied data to ensure that HTML or script tags are properly sanitized or escaped before rendering.
3. Employ output encoding techniques to neutralize any potentially malicious content before it is displayed in the browser.
4. Configure Content Security Policy (CSP) headers to restrict execution of inline scripts and loading of untrusted resources.
5. Limit user privileges to the minimum necessary to reduce the impact of an authenticated attacker.
6. Conduct regular security awareness training to help users recognize and avoid phishing or social engineering attempts that could facilitate exploitation.
7. Use web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting OpenPages.
8. Audit and monitor logs for unusual user activity or injection attempts to enable early detection of exploitation attempts.
9. Consider isolating OpenPages instances in segmented network zones to limit lateral movement if compromised.
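The following Python code is an added example, not part of the advisory and not IBM's code. It supports recommendations 3 and 8: it audits stored user-supplied values for script-capable markup of the kind CWE-80 covers, and shows that the same values produce no findings once they are output-encoded. The record ids, field values and the tag and attribute lists are assumptions; the page does not say which OpenPages fields are affected.

```python
import html
from html.parser import HTMLParser

# Elements that can run or load script, and attributes that carry URLs.
SCRIPT_TAGS = {"script", "iframe", "object", "embed", "svg", "base", "meta", "link"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


class ScriptMarkupFinder(HTMLParser):
    """Collects script-capable markup found in one user-supplied value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes character references in values.
        if tag in SCRIPT_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            # Browsers skip whitespace and control characters inside a URL scheme.
            url = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"event-handler:{name}")
            elif name in URL_ATTRS and url.startswith(("javascript:", "data:text/html")):
                self.findings.append(f"script-url:{name}")


def audit_value(value):
    """Return the script-capable constructs in one stored field value."""
    finder = ScriptMarkupFinder()
    finder.feed(value)
    finder.close()
    return finder.findings


def render_safe(value):
    """Output-encode a value for an HTML text or quoted-attribute context."""
    return html.escape(value, quote=True)


# Constructed sample data: record ids and field values are invented.
SAMPLE_RECORDS = {
    "REC-1": "Quarterly risk review <b>approved</b> by the committee",
    "REC-2": '<img src="x" onerror="alert(1)">',
    "REC-3": '<a href="java&#x73;cript:alert(1)">policy</a>',
    "REC-4": "<ScRiPt>alert(1)</ScRiPt>",
}

print({rid: audit_value(v) for rid, v in SAMPLE_RECORDS.items()})
```

Parsing the value rather than pattern-matching the raw string is what catches the mixed-case tag and the character-reference-encoded URL scheme in the sample data.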
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:18.171Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ff8ac4ba6dffc5e2fe0fdb
Added to database: 10/27/2025, 3:07:48 PM
Last enriched: 10/27/2025, 3:22:46 PM
Last updated: 10/30/2025, 12:25:24 PM