June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Multiple Siemens TeleControl Server Vulnerabilities
April 22, 2025
Cactus Ransomware – Active IOCs
April 23, 2025
ICS: Multiple Siemens TeleControl Server Vulnerabilities
April 22, 2025
Cactus Ransomware – Active IOCs
April 23, 2025
Severity
High
Analysis Summary
CVE-2025-1950 CVSS:9.3
IBM Hardware Management Console - Power Systems could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
CVE-2025-1951 CVSS:8.4
IBM Hardware Management Console - Power Systems could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
CVE-2025-27907 CVSS:4.1
IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Impact
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-1950
CVE-2025-1951
CVE-2025-27907
Affected Vendors
- IBM
Affected Products
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server 9.0
- IBM Hardware Management Console - Power Systems V10.2.1030.0
- IBM Hardware Management Console - Power Systems V10.3.1050.0
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.
