CVE-2025-1329

Published: May 8, 2025Modified: Jun 5, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.

Affected (25)

Products: Ibm: Cics Tx

Ibm

1 product

Cics Tx

Configuration A

25 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Cics Tx	Version 11.1.0.0
Ibm Cics Tx	Version 11.1.0.0 interim_fix_10
Ibm Cics Tx	Version 11.1.0.0 interim_fix_11
Ibm Cics Tx	Version 11.1.0.0 interim_fix_12
Ibm Cics Tx	Version 11.1.0.0 interim_fix_13
Ibm Cics Tx	Version 11.1.0.0 interim_fix_14
Ibm Cics Tx	Version 11.1.0.0 interim_fix_15
Ibm Cics Tx	Version 11.1.0.0 interim_fix_16
Ibm Cics Tx	Version 11.1.0.0 interim_fix_17
Ibm Cics Tx	Version 11.1.0.0 interim_fix_18
Ibm Cics Tx	Version 11.1.0.0 interim_fix_19
Ibm Cics Tx	Version 11.1.0.0 interim_fix_1
Ibm Cics Tx	Version 11.1.0.0 interim_fix_20
Ibm Cics Tx	Version 11.1.0.0 interim_fix_21
Ibm Cics Tx	Version 11.1.0.0 interim_fix_22
Ibm Cics Tx	Version 11.1.0.0 interim_fix_23
Ibm Cics Tx	Version 11.1.0.0 interim_fix_24
Ibm Cics Tx	Version 11.1.0.0 interim_fix_2
Ibm Cics Tx	Version 11.1.0.0 interim_fix_3
Ibm Cics Tx	Version 11.1.0.0 interim_fix_4
Ibm Cics Tx	Version 11.1.0.0 interim_fix_5
Ibm Cics Tx	Version 11.1.0.0 interim_fix_6
Ibm Cics Tx	Version 11.1.0.0 interim_fix_7
Ibm Cics Tx	Version 11.1.0.0 interim_fix_8
Ibm Cics Tx	Version 11.1.0.0 interim_fix_9

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.ibm.com/support/pages/node/7232923

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7232924

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.