Security Advisory

IBM Product Security Update Advisory

  • Jul 03 2025
IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-1095

 

IBM Personal Communications Version: v14 All
IBM Personal Communications Version: v15 All

 

CVE-2025-2900

 

IBM Semeru Runtime Version: 8.0.302.0 or later and 8.0.442.0 or earlier
IBM Semeru Runtime Version: 11.0.12.0 or later and 11.0.26.0 or earlier
IBM Semeru Runtime version: 17.0.0.0.0 or later 17.0.14.0 or later
IBM Semeru Runtime version: 21.0.0.0 or later and 21.0.6.0 or earlier

 

 

Resolved Vulnerabilities

 

Privilege escalation vulnerability in IBM Personal Communications (CVE-2025-1095)
Denial of service attack vulnerability due to buffer overflows and crashes caused by a flaw in the Implementation of AES/CBC encryption in the IBM Semeru Runtime (CVE-2025-2900)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-1095

 

IBM Personal Communications Version: PCOMM v14.0.8_iFix001 [2]
IBM Personal Communications Version: PCOMM v15.0.3_iFix002 [3]

 

CVE-2025-2900

 

IBM Semeru Runtime Version: 8.0.452.0
IBM Semeru Runtime Version: 11.0.27.0
IBM Semeru Runtime Version : 17.0.15.0
IBM Semeru Runtime Version: 21.0.7.0

 

 

References

 

[1] Security Bulletin: Vulnerability found in Personal Communications through deployment of arbitrary MSI package.
https://www.ibm.com/support/pages/node/7230335
[2] Rational, Personal Communications (14.0.8, Windows)
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Personal+Communications&release=14.0.8&platform=Windows&function=all
[3] Rational, Personal Communications (15.0.3, Windows)
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Personal+Communications&release=15.0.3&platform=Windows&function=all
[4] Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
https://www.ibm.com/support/pages/node/7233415

Tags:
Previous Post

Next Post