PT-2025-21227 · IBM · IBM Semeru Runtime

Published: 2025-05-14 · Updated: 2025-08-19 · CVE-2025-2900

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
IBM Semeru Runtime versions 8.0.302.0 through 8.0.442.0
IBM Semeru Runtime versions 11.0.12.0 through 11.0.26.0
IBM Semeru Runtime versions 17.0.0.0 through 17.0.14.0
IBM Semeru Runtime versions 21.0.0.0 through 12.0.6.0
Description: The issue is a denial of service caused by a buffer overflow and subsequent crash, due to a defect in the native AES/CBC encryption implementation.
Recommendations:
For versions 8.0.302.0 through 8.0.442.0, update to a version that fixes the defect in the native AES/CBC encryption implementation.
For versions 11.0.12.0 through 11.0.26.0, update to a version that fixes the defect in the native AES/CBC encryption implementation.
For versions 17.0.0.0 through 17.0.14.0, update to a version that fixes the defect in the native AES/CBC encryption implementation.
For versions 21.0.0.0 through 12.0.6.0, update to a version that fixes the defect in the native AES/CBC encryption implementation.
As a temporary workaround, consider disabling the use of the native AES/CBC encryption implementation until a patch is available.

Fix

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-2900
RHSA-2025:8063

Affected Products

IBM Semeru Runtime