CVE-2025-25032

Summary

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

Affected Software

VendorProductVersion RangeStatus
IBMCognos Analytics11.2.0affected
IBMCognos Analytics11.2.1affected
IBMCognos Analytics11.2.2affected
IBMCognos Analytics11.2.3affected
IBMCognos Analytics11.2.4affected
IBMCognos Analytics12.0.0affected
IBMCognos Analytics12.0.1affected
IBMCognos Analytics12.0.2affected
IBMCognos Analytics12.0.3affected
IBMCognos Analytics12.0.4affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References