CVE-2025-8997 is an information exposure vulnerability identified in OpenText Enterprise Security Manager, a product by OpenText. The vulnerability is classified under CWE-598, which involves the use of GET request methods with sensitive query strings. This means that sensitive information is transmitted via URL parameters in HTTP GET requests, which can be logged or cached by browsers, proxies, or intermediate network devices, potentially exposing confidential data. The vulnerability can be remotely exploited, requiring low attack complexity but partial authentication and user interaction. According to the CVSS 4.0 vector, the attack vector is network-based (AV:N), with low attack complexity (AC:L), partial privileges required (PR:L), and user interaction needed (UI:A). The vulnerability impacts the confidentiality of data (VC:H), but does not affect integrity or availability. No known exploits are currently in the wild, and no patches have been linked yet. The affected version is listed as "0," which likely indicates an unspecified or initial version of the product. The vulnerability was published on August 25, 2025, indicating it is a recent discovery. The medium severity score of 5.7 reflects moderate risk, primarily due to the exposure of sensitive data through insecure HTTP GET requests, which can be intercepted or logged, leading to potential data leaks or compliance violations.

For European organizations using OpenText Enterprise Security Manager, this vulnerability poses a risk of sensitive information leakage, which can include authentication tokens, session identifiers, or other confidential parameters transmitted via GET requests. Exposure of such data could facilitate further attacks such as session hijacking, unauthorized access, or data breaches. Given the strict data protection regulations in Europe, including GDPR, any leakage of personal or sensitive data could result in significant legal and financial consequences. Additionally, organizations in sectors such as finance, healthcare, and government, which often use enterprise security management solutions, may face increased risk due to the sensitivity of their data. The requirement for partial authentication and user interaction means that insider threats or targeted phishing campaigns could exploit this vulnerability. The lack of available patches increases the urgency for organizations to implement compensating controls to mitigate exposure.

European organizations should immediately review their use of OpenText Enterprise Security Manager to identify any instances where sensitive data is transmitted via GET requests. Specific mitigation steps include: 1) Configuring the application or web server to avoid placing sensitive information in URL query strings; instead, use POST requests or secure headers for transmitting confidential data. 2) Implementing strict access controls and monitoring to detect unusual access patterns or data exfiltration attempts. 3) Employing network-level protections such as TLS encryption to prevent interception of HTTP traffic, ensuring that all communications with the Enterprise Security Manager are over HTTPS. 4) Conducting user awareness training to reduce the risk of social engineering attacks that could trigger user interaction exploitation. 5) Monitoring vendor communications for patches or updates addressing this vulnerability and applying them promptly once available. 6) Reviewing and limiting logging configurations to avoid storing sensitive query strings in logs or caches. 7) Utilizing web application firewalls (WAFs) to detect and block suspicious GET requests containing sensitive parameters. These targeted actions go beyond generic advice by focusing on the specific nature of CWE-598 and the operational context of the affected product.