CVE-2025-2900

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7233415	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:semeru_runtime::::::::
	cpe:2.3:a:ibm:semeru_runtime::::::::
	cpe:2.3:a:ibm:semeru_runtime::::::::
	cpe:2.3:a:ibm:semeru_runtime::::::::

History

19 Aug 2025, 19:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:ibm:semeru_runtime::::::::
References	~~() https://www.ibm.com/support/pages/node/7233415 -~~	() https://www.ibm.com/support/pages/node/7233415 - Vendor Advisory
CWE		CWE-787
First Time		Ibm Ibm semeru Runtime

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) IBM Semeru Runtime 8.0.302.0 a 8.0.442.0, 11.0.12.0 a 11.0.26.0, 17.0.0.0 a 17.0.14.0 y 21.0.0.0 a 12.0.6.0 es vulnerable a una denegación de servicio causada por un desbordamiento de búfer y un bloqueo posterior, debido a un defecto en su implementación de cifrado AES/CBC nativa.

14 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 19:15

Updated : 2025-08-19 19:14

NVD link : CVE-2025-2900

Mitre link : CVE-2025-2900

CVE.ORG link : CVE-2025-2900

JSON object : View

Products Affected

ibm

semeru_runtime

CWE

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-2900", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-14T19:15:52.690", "references": [{"url": "https://www.ibm.com/support/pages/node/7233415", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}, {"lang": "es", "value": "IBM Semeru Runtime 8.0.302.0 a 8.0.442.0, 11.0.12.0 a 11.0.26.0, 17.0.0.0 a 17.0.14.0 y 21.0.0.0 a 12.0.6.0 es vulnerable a una denegaci\u00f3n de servicio causada por un desbordamiento de b\u00fafer y un bloqueo posterior, debido a un defecto en su implementaci\u00f3n de cifrado AES/CBC nativa."}], "lastModified": "2025-08-19T19:14:18.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7BBE52B-E146-4F12-A1C6-9E52E25E0F47", "versionEndIncluding": "8.0.442.0", "versionStartIncluding": "8.0.302.0"}, {"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB568CA3-4FEC-44AC-9561-012F8801F234", "versionEndIncluding": "11.026.0", "versionStartIncluding": "11.0.12.0"}, {"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D9E8D4-0E2B-47F9-896E-4A9CF7E4BC8C", "versionEndIncluding": "17.0.14.0", "versionStartIncluding": "17.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "988591A6-8853-4B4B-A936-275366455364", "versionEndIncluding": "21.0.6.0", "versionStartIncluding": "21.0.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}