Home

Description

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.

PUBLISHED Reserved 2025-03-28 | Published 2025-05-14 | Updated 2025-08-28 | Assigner ibm




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status
unaffected

8.0.302.0 (semver)
affected

11.0.12.0 (semver)
affected

17.0.0.0 (semver)
affected

21.0.0.0 (semver)
affected

References

www.ibm.com/support/pages/node/7233415 vendor-advisory patch

cve.org (CVE-2025-2900)

nvd.nist.gov (CVE-2025-2900)

Download JSON