Vulnerability-Lookup

CVE-2025-33186 (GCVE-0-2025-33186)

Vulnerability from cvelistv5 – Published: 2025-11-11 16:20 – Updated: 2025-11-14 17:39

Summary

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

nvidia

References

3 references

URL	Tags
https://nvd.nist.gov/vuln/detail/CVE-2025-33186
https://www.cve.org/CVERecord?id=CVE-2025-33186
https://nvidia.custhelp.com/app/answers/detail/a_…

Impacted products

1 product

Vendor	Product	Version
NVIDIA	AuthN component of NVIDIA AIStore	Affected: All versions prior to 3.31

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T17:39:03.923959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T17:39:09.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "All"
          ],
          "product": "AuthN component of NVIDIA AIStore",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 3.31"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "value": "NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Escalation of Privileges, Information Disclosure, Data Tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:20:14.324Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33186"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33186"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5724"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33186",
    "datePublished": "2025-11-11T16:20:14.324Z",
    "dateReserved": "2025-04-15T18:51:03.728Z",
    "dateUpdated": "2025-11-14T17:39:09.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-33186",
      "date": "2026-06-06",
      "epss": "0.00038",
      "percentile": "0.11896"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-33186\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2025-11-11T17:15:50.687\",\"lastModified\":\"2025-11-12T16:19:34.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2025-33186\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5724\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2025-33186\",\"source\":\"psirt@nvidia.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-33186\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-14T17:39:03.923959Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-14T17:39:06.735Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Escalation of Privileges, Information Disclosure, Data Tampering\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"AuthN component of NVIDIA AIStore\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to 3.31\"}], \"platforms\": [\"All\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2025-33186\"}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2025-33186\"}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5724\"}], \"x_generator\": {\"engine\": \"NVIDIA PSIRT\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.\", \"base64\": true}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2025-11-11T16:20:14.324Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-33186\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-14T17:39:09.718Z\", \"dateReserved\": \"2025-04-15T18:51:03.728Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2025-11-11T16:20:14.324Z\", \"assignerShortName\": \"nvidia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2025-14824

Vulnerability from fstec - Published: 10.11.2025

Title

Уязвимость компонента AuthN системы распределённого хранения данных для приложений на основе искусственного интеллекта NVIDIA AIStore, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации

Description

Уязвимость компонента AuthN системы распределённого хранения данных для приложений на основе искусственного интеллекта NVIDIA AIStore связана с использованием предустановленных учетных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и получить несанкционированный доступ к защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

NVIDIA Corp.

Software Name

AIStore

Software Version

до 3.31 (AIStore)

Possible Mitigations

Использование рекомендаций производителя: https://nvidia.custhelp.com/app/answers/detail/a_id/5724

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-33186 https://nvidia.custhelp.com/app/answers/detail/a_id/5724 https://www.cve.org/CVERecord?id=CVE-2025-33186

CWE

CWE-798

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NVIDIA Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 3.31 (AIStore)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5724",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14824",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-33186",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "AIStore",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 AuthN \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 NVIDIA AIStore, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e  \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0416\u0435\u0441\u0442\u043a\u043e\u0435 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-798)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 AuthN \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 NVIDIA AIStore \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2025-33186\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5724\t\nhttps://www.cve.org/CVERecord?id=CVE-2025-33186",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-798",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

FKIE_CVE-2025-33186

Vulnerability from fkie_nvd - Published: 2025-11-11 17:15 - Updated: 2026-04-15 00:35

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

References

	URL	Tags
	psirt@nvidia.com	https://nvd.nist.gov/vuln/detail/CVE-2025-33186
	psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5724
	psirt@nvidia.com	https://www.cve.org/CVERecord?id=CVE-2025-33186

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering."
    }
  ],
  "id": "CVE-2025-33186",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@nvidia.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-11T17:15:50.687",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33186"
    },
    {
      "source": "psirt@nvidia.com",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5724"
    },
    {
      "source": "psirt@nvidia.com",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33186"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "psirt@nvidia.com",
      "type": "Secondary"
    }
  ]
}

GHSA-6RPR-XQJW-QR53

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30

Details

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-33186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T17:15:50Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.",
  "id": "GHSA-6rpr-xqjw-qr53",
  "modified": "2025-11-11T18:30:20Z",
  "published": "2025-11-11T18:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5724"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-1675

Vulnerability from csaf_certbund - Published: 2025-07-29 22:00 - Updated: 2025-11-11 23:00

Summary

IBM DB2: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen, und um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2024-49828

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2024-51473

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2024-52894

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-24970

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-2533

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-33114

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-33143

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-33186

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-36010

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-36071

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

CVE-2025-33092

Affected products

Known affected 8 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1`	Key Lifecycle Manager 4.2.1
IBM Tivoli Business Service Manager 6.2.0 IBM / Tivoli Business Service Manager	`cpe:/a:ibm:tivoli_business_service_manager:6.2.0`	6.2.0
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
IBM Security Guardium Key Lifecycle Manager 4.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1`	Key Lifecycle Manager 4.1
IBM Security Guardium Key Lifecycle Manager 4.2 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2`	Key Lifecycle Manager 4.2
IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1`	Key Lifecycle Manager 4.1.1
IBM Security Guardium Key Lifecycle Manager 5.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0`	Key Lifecycle Manager 5.0

References

15 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7240955	external
https://www.ibm.com/support/pages/node/7240943	external
https://www.ibm.com/support/pages/node/7240944	external
https://www.ibm.com/support/pages/node/7240945	external
https://www.ibm.com/support/pages/node/7240947	external
https://www.ibm.com/support/pages/node/7240949	external
https://www.ibm.com/support/pages/node/7240951	external
https://www.ibm.com/support/pages/node/7240952	external
https://www.ibm.com/support/pages/node/7240953	external
https://www.ibm.com/support/pages/node/7240940	external
https://www.ibm.com/support/pages/node/7242144	external
https://support.hcl-software.com/csm?id=kb_articl…	external
https://www.ibm.com/support/pages/node/7249214	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, und um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1675 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1675.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1675 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1675"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240955"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240943"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240944"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240945"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240947"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240949"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240951"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240952"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240953"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-07-29",
        "url": "https://www.ibm.com/support/pages/node/7240940"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7242144 vom 2025-08-14",
        "url": "https://www.ibm.com/support/pages/node/7242144"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-10-24",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123933"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249214 vom 2025-10-27",
        "url": "https://www.ibm.com/support/pages/node/7249214"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-11T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-12T06:47:54.423+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1675",
      "initial_release_date": "2025-07-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-10-26T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von HCL und IBM aufgenommen"
        },
        {
          "date": "2025-11-11T23:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-93533"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL Commerce",
            "product": {
              "name": "HCL Commerce",
              "product_id": "T019294",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltechsw:commerce:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "T045745",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Key Lifecycle Manager 4.1",
                "product": {
                  "name": "IBM Security Guardium Key Lifecycle Manager 4.1",
                  "product_id": "T021031",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Key Lifecycle Manager 4.2",
                "product": {
                  "name": "IBM Security Guardium Key Lifecycle Manager 4.2",
                  "product_id": "T027545",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Key Lifecycle Manager 4.1.1",
                "product": {
                  "name": "IBM Security Guardium Key Lifecycle Manager 4.1.1",
                  "product_id": "T029696",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Key Lifecycle Manager 4.2.1",
                "product": {
                  "name": "IBM Security Guardium Key Lifecycle Manager 4.2.1",
                  "product_id": "T032873",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_4.2.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Key Lifecycle Manager 5.0",
                "product": {
                  "name": "IBM Security Guardium Key Lifecycle Manager 5.0",
                  "product_id": "T044420",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:key_lifecycle_manager_5.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.2.0",
                "product": {
                  "name": "IBM Tivoli Business Service Manager 6.2.0",
                  "product_id": "T014092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Business Service Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-49828",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2024-49828"
    },
    {
      "cve": "CVE-2024-51473",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2024-51473"
    },
    {
      "cve": "CVE-2024-52894",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2024-52894"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    },
    {
      "cve": "CVE-2025-2533",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-2533"
    },
    {
      "cve": "CVE-2025-33114",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-33114"
    },
    {
      "cve": "CVE-2025-33143",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-33143"
    },
    {
      "cve": "CVE-2025-33186",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-33186"
    },
    {
      "cve": "CVE-2025-36010",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-36010"
    },
    {
      "cve": "CVE-2025-36071",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-36071"
    },
    {
      "cve": "CVE-2025-33092",
      "product_status": {
        "known_affected": [
          "T045745",
          "T032873",
          "T014092",
          "T019294",
          "T021031",
          "T027545",
          "T029696",
          "T044420"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-33092"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-33186 (GCVE-0-2025-33186)

BDU:2025-14824

FKIE_CVE-2025-33186

GHSA-6RPR-XQJW-QR53

WID-SEC-W-2025-1675

Tags

Sightings

Nomenclature