{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2900", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-28T02:06:38.367Z", "datePublished": "2025-05-14T18:50:27.327Z", "dateUpdated": "2025-05-14T19:43:19.127Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Semeru Runtime", "vendor": "IBM", "versions": [{"lessThanOrEqual": "8.0.442.0", "status": "affected", "version": "8.0.302.0", "versionType": "semver"}, {"lessThanOrEqual": "11.0.26.0", "status": "affected", "version": "11.0.12.0", "versionType": "semver"}, {"lessThanOrEqual": "17.0.14.0", "status": "affected", "version": "17.0.0.0", "versionType": "semver"}, {"lessThanOrEqual": "21.0.6.0", "status": "affected", "version": "21.0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}], "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-14T18:50:27.327Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7233415"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Remediation/Fixes<br><br>8.0.452.0<br>11.0.27.0<br>17.0.15.0<br>21.0.7.0<br><br>IBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.<br><br>IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.<br>"}], "value": "Remediation/Fixes\n\n8.0.452.0\n11.0.27.0\n17.0.15.0\n21.0.7.0\n\nIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\n\nIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Semeru Runtime denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T19:42:43.060744Z", "id": "CVE-2025-2900", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T19:43:19.127Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T19:42:43.060744Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T19:43:15.914Z"}}], "cna": {"title": "IBM Semeru Runtime denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Semeru Runtime", "versions": [{"status": "affected", "version": "8.0.302.0", "versionType": "semver", "lessThanOrEqual": "8.0.442.0"}, {"status": "affected", "version": "11.0.12.0", "versionType": "semver", "lessThanOrEqual": "11.0.26.0"}, {"status": "affected", "version": "17.0.0.0", "versionType": "semver", "lessThanOrEqual": "17.0.14.0"}, {"status": "affected", "version": "21.0.0.0", "versionType": "semver", "lessThanOrEqual": "21.0.6.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Remediation/Fixes\n\n8.0.452.0\n11.0.27.0\n17.0.15.0\n21.0.7.0\n\nIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\n\nIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.", "supportingMedia": [{"type": "text/html", "value": "Remediation/Fixes<br><br>8.0.452.0<br>11.0.27.0<br>17.0.15.0<br>21.0.7.0<br><br>IBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.<br><br>IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7233415", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.", "supportingMedia": [{"type": "text/html", "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-14T18:50:27.327Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2900", "state": "PUBLISHED", "dateUpdated": "2025-05-14T19:43:19.127Z", "dateReserved": "2025-03-28T02:06:38.367Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-05-14T18:50:27.327Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}, {"lang": "es", "value": "IBM Semeru Runtime 8.0.302.0 a 8.0.442.0, 11.0.12.0 a 11.0.26.0, 17.0.0.0 a 17.0.14.0 y 21.0.0.0 a 12.0.6.0 es vulnerable a una denegaci\u00f3n de servicio causada por un desbordamiento de b\u00fafer y un bloqueo posterior, debido a un defecto en su implementaci\u00f3n de cifrado AES/CBC nativa."}], "id": "CVE-2025-2900", "lastModified": "2025-05-16T14:43:56.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-05-14T19:15:52.690", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7233415"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}