SB2025102911 - Multiple vulnerabilities in IBM Storage Defender - Resiliency Service

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Double free (CVE-ID: CVE-2025-32988)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when exporting a certificate with an otherName in the SAN (subject alternative name) extension. A remote attacker can trick the victim into export a specially crafted certificate, trigger a double free error on the ASN.1 structure and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Heap-based buffer overflow (CVE-ID: CVE-2025-32989)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. A remote attacker can supply a specially crafted X.509 certificate to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) NULL pointer dereference (CVE-ID: CVE-2025-32990)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when the certtool program is invoked with a template file with a number of string pairs for a single keyword. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-58754)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits within data: URL decode. A remote attacker can cause a denial of service condition on the target system.

5) Information disclosure (CVE-ID: CVE-2025-4673)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to sensitive Proxy-Authorization and Proxy-Authenticate headers are not cleared on cross-origin redirect in net/http. A remote attacker can gain access to credentials passed via these headers.

6) Improper input validation (CVE-ID: CVE-2025-8916)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Security and Provisioning (Bouncy Castle Java Library) component in Oracle Essbase. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

7) SQL injection (CVE-ID: CVE-2025-59681)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() methods. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

8) Path traversal (CVE-ID: CVE-2025-59682)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the django.utils.archive.extract() function. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7248617