July 25, 2025
Severity
High
Analysis Summary
CVE-2025-33077 CVSS:8.8
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
CVE-2025-33076 CVSS:8.8
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
CVE-2025-33020 CVSS:5.9
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
CVE-2025-36117 CVSS:6.3
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not invalidate the session ID after use, which could allow an authenticated user to impersonate another user on the system.
CVE-2025-36116 CVSS:6.3
The IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection and then remotely perform operations that the user is not allowed to perform.
Impact
- Code Execution
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-33077
CVE-2025-33076
CVE-2025-33020
CVE-2025-36117
CVE-2025-36116
Affected Vendors
- IBM
Affected Products
- IBM Db2 Mirror for i 7.4
- IBM Db2 Mirror for i 7.5
- IBM Engineering Systems Design Rhapsody 9.0.2
- IBM Engineering Systems Design Rhapsody 10.0
- IBM Engineering Systems Design Rhapsody 10.0.1
- IBM Db2 Mirror for i 7.6
Remediation
Refer to the IBM website for patch, upgrade, or suggested workaround information.