SB2025070709 - Multiple vulnerabilities in IBM Observability with Instana
Published: July 7, 2025 Updated: August 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-27817)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Apache Kafka Client. The application accepts configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
2) Untrusted search path (CVE-ID: CVE-2025-4802)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.
The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
3) Out-of-bounds write (CVE-ID: CVE-2025-24528)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when calculating ulog block size in kadmind. A remote user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2024-12243)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libtasn1 does not properly control consumption of internal resources when decoding certain DER-encoded certificate data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Improper input validation (CVE-ID: CVE-2025-30698)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the 2D component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
6) Improper input validation (CVE-ID: CVE-2025-21587)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
7) Input validation error (CVE-ID: CVE-2025-41234)
The vulnerability allows a remote attacker to perform a reflected file download attack.
The vulnerability exists due to application sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. A remote attacker can trick the victim into downloading arbitrary files from an attacker controlled location.
8) Resource exhaustion (CVE-ID: CVE-2024-12133)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.