November 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
GCleaner Malware – Active IOCs
October 31, 2025Multiple Microsoft Windows Products Vulnerabilities
October 31, 2025GCleaner Malware – Active IOCs
October 31, 2025Multiple Microsoft Windows Products Vulnerabilities
October 31, 2025
Severity
High
Analysis Summary
CVE-2025-3356 CVSS:8.6
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
CVE-2025-3355 CVSS:7.5
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2025-36137 CVSS:7.2
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-3356
CVE-2025-3355
CVE-2025-36137
Affected Vendors
- IBM
Affected Products
- IBM Tivoli Monitoring 6.3.0.7
- IBM Tivoli Monitoring 6.3.0.7:sp21
- IBM Sterling Connect:Direct for Unix 6.2.0.7
- IBM Sterling Connect:Direct for Unix 6.2.0.9 iFix004
- IBM Sterling Connect:Direct for Unix 6.4.0.0
- IBM Sterling Connect:Direct for Unix 6.4.0.2 iFix001
- IBM Sterling Connect:Direct for Unix 6.3.0.2
- IBM Sterling Connect:Direct for Unix 6.3.0.5 iFix002
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.