CVE-2025-2900

Published: May 14, 2025Modified: Aug 19, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.

Affected (4)

Products: Ibm: Semeru Runtime

Ibm

1 product

Semeru Runtime

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Semeru Runtime	From 11.0.12.0 to 11.026.0
Ibm Semeru Runtime	From 17.0.0.0 to 17.0.14.0
Ibm Semeru Runtime	From 21.0.0.0 to 21.0.6.0
Ibm Semeru Runtime	From 8.0.302.0 to 8.0.442.0

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.ibm.com/support/pages/node/7233415

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.