CVE-2025-1994

Summary

IBM Cognos Command Center 10.2.4.1 and 10.2.5

could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Command Center10.2.4.1affected
IBMCognos Command Center10.2.5affected

Weaknesses

  • CWE-242: CWE-242 Use of Inherently Dangerous Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References