CVE-2025-1994
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-09-02
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | cognos_command_center | 10.2.4.1 |
| ibm | cognos_command_center | 10.2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-242 | The product calls a function that can never be guaranteed to work safely. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local arbitrary code execution issue due to unsafe use of the BinaryFormatter function in IBM Cognos Command Center versions 10.2.4.1 and 10.2.5. Detection involves verifying the installed version of IBM Cognos Command Center on your system to see if it matches the affected versions. There are no specific network detection commands or signatures provided. You can check the installed version by running commands appropriate to your operating system, such as querying installed packages or checking application version info. For example, on Windows, you might check the installed programs list or use PowerShell commands to get the version of IBM Cognos Command Center. On Linux, you might check the installation directory or use package management commands if applicable. No specific commands for detecting exploitation attempts or scanning for this vulnerability are provided. [1]
Can you explain this vulnerability to me?
CVE-2025-1994 is a vulnerability in IBM Cognos Command Center versions 10.2.4.1 and 10.2.5 that allows a local user to execute arbitrary code on the system. This happens because the software unsafely uses the BinaryFormatter function, which can be exploited to run malicious code with high impact on confidentiality, integrity, and availability. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system, potentially leading to full compromise. The attacker could gain high levels of access, affecting the confidentiality, integrity, and availability of the system and its data. [1]
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to upgrade IBM Cognos Command Center to version 10.2.5 FP1 IF1, which addresses this vulnerability. IBM does not provide any workarounds or other mitigations. Applying the official fix from IBM Fix Central is the immediate action to prevent exploitation of this vulnerability. [1]