SB2025121277 - Multiple vulnerabilities in IBM Documentation Offline 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025121277

SB2025121277 - Multiple vulnerabilities in IBM Documentation Offline

Published: December 12, 2025

Security Bulletin ID SB2025121277
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Memory leak (CVE-ID: CVE-2025-23165)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in ReadFileUtf8 caused by a corrupted pointer. A remote attacker can force the application to leak memory and perform denial of service attack.


2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-23167)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/1 headers in llhttp. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


3) Improper error handling (CVE-ID: CVE-2025-23166)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect error handling in async cryptographic operations within the SignTraits::DeriveBits() function. A remote attacker can send specially crafted input to the application can crash the Node.js runtime.


Remediation

Install update from vendor's website.

References