Published On: Apr 11, 2025 08:52
Advisory No: TZCERT-SA-25-0082
Source: IBM
Software Affected: ibm-pcomm
IBM products are affected by a critical vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code.
IBM Personal Communications 14 and 15, which include a Windows service, are affected by the vulnerability tracked as CVE-2024-25029, with a CVSS score of 9. The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows a low-privileged attacker to move laterally to affected systems and to escalate their privileges.
Successful exploitation of this vulnerability may allow attackers to take control of the affected system.
IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.