CVE-2025-1331 (GCVE-0-2025-1331)
Vulnerability from cvelistv5
Published
2025-05-08 21:55
Modified
2025-08-28 14:19
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-242 - Use of Inherently Dangerous Function
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
References
Impacted products
Vendor Product Version
IBM CICS TX Standard Version: 11.1
    cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*
 Create a notification for this product.
   IBM CICS TX Advanced Version: 10.1
Version: 11.1
    cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*
    cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-10T03:55:12.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "CICS TX Standard",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "11.1"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
            "cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "CICS TX Advanced",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1"
            },
            {
              "status": "affected",
              "version": "11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
            }
          ],
          "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-242",
              "description": "CWE-242 Use of Inherently Dangerous Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:19:41.668Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7232923"
        },
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7232924"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix.   \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix.   \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM CICS TX code execution",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1331",
    "datePublished": "2025-05-08T21:55:41.116Z",
    "dateReserved": "2025-02-15T00:10:22.206Z",
    "dateUpdated": "2025-08-28T14:19:41.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-09T13:43:31.302095Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-09T13:43:39.444Z\"}}], \"cna\": {\"title\": \"IBM CICS TX code execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*\"], \"vendor\": \"IBM\", \"product\": \"CICS TX Standard\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.1\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*\", \"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*\"], \"vendor\": \"IBM\", \"product\": \"CICS TX Advanced\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\"}, {\"status\": \"affected\", \"version\": \"11.1\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix.   \\n\\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix.   \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7232923\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/7232924\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-242\", \"description\": \"CWE-242 Use of Inherently Dangerous Function\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-08-28T14:19:41.668Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1331\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-28T14:19:41.668Z\", \"dateReserved\": \"2025-02-15T00:10:22.206Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-05-08T21:55:41.116Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.