CVE-2025-33111 | THREATINT

Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.

PUBLISHED Reserved 2025-04-15 | Published 2025-12-08 | Updated 2025-12-09 | Assigner ibm

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-379 Creation of Temporary File in Directory with Insecure Permissions

Product status

11.1.0 (semver)

affected

11.0.0 (semver)

affected

References

www.ibm.com/support/pages/node/7253273 vendor-advisory patch

cve.org (CVE-2025-33111)

nvd.nist.gov (CVE-2025-33111)

Download JSON