Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-2900 CVSS:7.5

IBM Semeru Runtime is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.

CVE-2025-33104 CVSS:4.4

IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Impact

Buffer Overflow
Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2025-2900
CVE-2025-33104

Affected Vendors

Affected Products

IBM Semeru Runtime - 11.0.12.0 - 11.0.26.0
IBM Websphere Application Server - 8.5
IBM Websphere Application Server - 9.0
IBM Semeru Runtime - 8.0.302.0 - 8.0.442.0
IBM Semeru Runtime - 17.0.0.0 - 17.0.14.0
IBM Semeru Runtime - 21.0.0.0 - 21.06.0

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-2900

CVE-2025-33104

Multiple Adobe Photoshop Vulnerabilities

CVE-2025-4664 – Google Chrome Vulnerability

Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan