CVE-2025-1095

Name of the Vulnerable Software and Affected Versions: IBM Personal Communications versions 14 through 15

Description: The issue allows any interactively logged-in users on the target computer to run commands with full privileges in the context of NT AUTHORITYSYSTEM. This enables a low-privileged attacker to escalate their privileges. The problem is due to an incomplete fix for a previous issue.

Recommendations: For versions 14 and 15, consider restricting access to the Windows service until a complete fix is available. As a temporary workaround, limit interactive logins to minimize the risk of exploitation.