CVE-2025-13375 (GCVE-0-2025-13375)

Vulnerability from cvelistv5 – Published: 2026-02-04 20:31 – Updated: 2026-02-06 19:24
VLAI?
Title
IBM Common Cryptographic Architecture Arbitrary Command Execution
Summary
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Common Cryptographic Architecture Affected: 7.5.52 (semver)
Affected: 8.4.82 (semver)
    cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:*
    cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T19:23:54.508016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T19:24:03.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:*",
            "cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux x86",
            "IBM AIX",
            "IBM i",
            "IBM PowerLinux"
          ],
          "product": "Common Cryptographic Architecture",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.52",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.4.82",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "IBM 4769 Developers Toolkit",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5.52"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Common Cryptographic Architecture (CCA)\u0026nbsp;7.5.52 and\u0026nbsp;8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
            }
          ],
          "value": "IBM Common Cryptographic Architecture (CCA)\u00a07.5.52 and\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T20:46:57.901Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259625"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability now by upgrading:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 7 MTM for 4769\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 8 MTM for 4770\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e8.4.84\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM 4769 Developers Toolkit\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading:\u00a0\n\nProduct(s)Fixed Version(s)CCA 7 MTM for 4769\n\n7.5.53\n\nCCA 8 MTM for 4770\n\n8.4.84\n\nIBM 4769 Developers Toolkit\n\n7.5.53"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Common Cryptographic Architecture Arbitrary Command Execution",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13375",
    "datePublished": "2026-02-04T20:31:13.398Z",
    "dateReserved": "2025-11-18T19:19:10.873Z",
    "dateUpdated": "2026-02-06T19:24:03.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13375\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-02-04T21:15:57.213\",\"lastModified\":\"2026-02-05T14:57:20.563\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Common Cryptographic Architecture (CCA)\u00a07.5.52 and\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7259625\",\"source\":\"psirt@us.ibm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13375\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-06T19:23:54.508016Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T19:23:59.036Z\"}}], \"cna\": {\"title\": \"IBM Common Cryptographic Architecture Arbitrary Command Execution\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:*\", \"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:*\"], \"vendor\": \"IBM\", \"product\": \"Common Cryptographic Architecture\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.5.52\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.4.82\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux x86\", \"IBM AIX\", \"IBM i\", \"IBM PowerLinux\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"IBM 4769 Developers Toolkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.5.52\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerability now by upgrading:\\u00a0\\n\\nProduct(s)Fixed Version(s)CCA 7 MTM for 4769\\n\\n7.5.53\\n\\nCCA 8 MTM for 4770\\n\\n8.4.84\\n\\nIBM 4769 Developers Toolkit\\n\\n7.5.53\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability now by upgrading:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 7 MTM for 4769\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 8 MTM for 4770\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e8.4.84\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM 4769 Developers Toolkit\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7259625\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Common Cryptographic Architecture (CCA)\\u00a07.5.52 and\\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Common Cryptographic Architecture (CCA)\u0026nbsp;7.5.52 and\u0026nbsp;8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"CWE-250\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-02-04T20:46:57.901Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13375\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-06T19:24:03.660Z\", \"dateReserved\": \"2025-11-18T19:19:10.873Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-02-04T20:31:13.398Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.