← back
CVE-2025-13478

Cache Misconfiguration Leading to Cross-User Data Exposure

CVSS 8.4 HIGHEPSS 0.3%CWE-522
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1).
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Affected products
OpenText · Identity Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microfocus.com/doc/2159/25.2/cvesecurityfixhttps://docs.microfocus.com/doc/2159/25.2/releasenotesidentitymanager4101patch01