ICS: Multiple Siemens TeleControl Server Vulnerabilities

April 22, 2025

Cactus Ransomware – Active IOCs

April 23, 2025

Multiple IBM Products Vulnerabilities

April 23, 2025

Severity

High

Analysis Summary

CVE-2025-1950 CVSS:9.3

IBM Hardware Management Console - Power Systems could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

CVE-2025-1951 CVSS:8.4

IBM Hardware Management Console - Power Systems could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.

CVE-2025-27907 CVSS:4.1

IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Impact

Gain Access
Privilege Escalation

Indicators of Compromise

CVE

CVE-2025-1950
CVE-2025-1951
CVE-2025-27907

Affected Vendors

Affected Products

IBM WebSphere Application Server 8.5
IBM WebSphere Application Server 9.0
IBM Hardware Management Console - Power Systems V10.2.1030.0
IBM Hardware Management Console - Power Systems V10.3.1050.0

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-1950

CVE-2025-1951

CVE-2025-27907

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Local Privilege Escalation to Root via Sudo chroot in Linux

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us