CVE-2025-2900

Summary

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.

Affected Software

VendorProductVersion RangeStatus
IBMSemeru Runtime8.0.302.0 <= 8.0.442.0affected
IBMSemeru Runtime11.0.12.0 <= 11.0.26.0affected
IBMSemeru Runtime17.0.0.0 <= 17.0.14.0affected
IBMSemeru Runtime21.0.0.0 <= 21.0.6.0affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References