{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2900","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-03-28T02:06:38.367Z","datePublished":"2025-05-14T18:50:27.327Z","dateUpdated":"2025-08-28T14:12:21.020Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Semeru Runtime","vendor":"IBM","versions":[{"lessThanOrEqual":"8.0.442.0","status":"affected","version":"8.0.302.0","versionType":"semver"},{"lessThanOrEqual":"11.0.26.0","status":"affected","version":"11.0.12.0","versionType":"semver"},{"lessThanOrEqual":"17.0.14.0","status":"affected","version":"17.0.0.0","versionType":"semver"},{"lessThanOrEqual":"21.0.6.0","status":"affected","version":"21.0.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}],"value":"IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"CWE-122 Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-28T14:12:21.020Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7233415"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Remediation/Fixes<br><br>8.0.452.0<br>11.0.27.0<br>17.0.15.0<br>21.0.7.0<br><br>IBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.<br><br>IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.<br>"}],"value":"Remediation/Fixes\n\n8.0.452.0\n11.0.27.0\n17.0.15.0\n21.0.7.0\n\nIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\n\nIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin."}],"source":{"discovery":"UNKNOWN"},"title":"IBM Semeru Runtime denial of service","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-14T19:42:43.060744Z","id":"CVE-2025-2900","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-14T19:43:19.127Z"}}]}}