CRITICAL🇵🇱 Wersja polska

CVE-2025-13375

CVSS 9.8v3.1pub. 2026-02-04upd. 2026-04-15

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.

🤖 AI Analysis
How it works

The vulnerability results from improper privilege assignment during operations in the IBM CCA library (CWE-250 — Execution with Unnecessary Privileges). An unauthenticated network user can invoke library operations in a manner that results in the execution of arbitrary system commands with elevated privilege level. The attack requires no user interaction or special preconditions, which significantly lowers the threshold for its execution.

Impact

An attacker can take full control of the system running the vulnerable IBM CCA library, gaining the ability to read, modify, or delete data, including potentially cryptographic keys managed by the library.

Mitigation & patch

Security patches available from the vendor should be applied in accordance with the references — detailed information about patched versions is available at: https://www.ibm.com/support/pages/node/7259625

Who is affected

IBM Common Cryptographic Architecture (CCA) in versions 7.5.52 and 8.4.82.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References