
OpenText has issued a critical security advisory addressing two significant vulnerabilities in its Operations Bridge Manager (OBM) software—CVE-2025-3476 and CVE-2025-3272—both affecting multiple versions of the platform. These flaws could be exploited by authenticated users to gain elevated privileges or bypass password authentication protocols.
Operations Bridge Manager (OBM) is a central component of OpenText’s AI Operations Management (AIOps) platform, providing enterprise-grade event and performance management. The platform offers unified visibility across complex IT environments, including on-premises systems, private/public clouds, and containerized infrastructure.
A high-severity vulnerability, tracked as CVE-2025-3476 (CVSSv4 9.4), has been identified that allows authenticated users to escalate their privileges within OBM environments. According to the advisory, “a vulnerability was detected in Operations Bridge Manager, which allows privilege escalation by authenticated users.”

Affected Version | Upgrade To | Hotfix |
---|---|---|
OBM 2023.05 | OBM 25.2+ | HOTFIX30746 |
OBM 23.4 | OBM 25.2+ | HOTFIX30733 |
OBM 24.2 | OBM 25.2+ | HOTFIX30732 |
OBM 24.4 | OBM 25.2+ | HOTFIX30731 |

If an upgrade is not feasible, hotfixes can be requested by contacting OpenText support.
The second vulnerability, tracked as CVE-2025-3272 (CVSSv4 6.7), is a medium-severity flaw where authenticated users may reset their passwords without providing the old one—a scenario that weakens security controls over user authentication.

Affected Version | Upgrade To | Hotfix |
---|---|---|
OBM 24.2 | OBM 25.2+ | HOTFIX30732 |
OBM 24.4 | OBM 25.2+ | HOTFIX30731 |