{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1331", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-02-15T00:10:22.206Z", "datePublished": "2025-05-08T21:55:41.116Z", "dateUpdated": "2025-08-28T14:19:41.668Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"], "defaultStatus": "unaffected", "platforms": ["Linux"], "product": "CICS TX Standard", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}, {"cpes": ["cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*", "cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"], "defaultStatus": "unaffected", "platforms": ["Linux"], "product": "CICS TX Advanced", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1"}, {"status": "affected", "version": "11.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1&nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."}], "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-242", "description": "CWE-242 Use of Inherently Dangerous Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T14:19:41.668Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7232923"}, {"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7232924"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. <br><br>IBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. <br>"}], "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM CICS TX code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-1331"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-10T03:55:12.358Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1331", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-09T13:43:31.302095Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T13:43:39.444Z"}}], "cna": {"title": "IBM CICS TX code execution", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"], "vendor": "IBM", "product": "CICS TX Standard", "versions": [{"status": "affected", "version": "11.1"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*", "cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"], "vendor": "IBM", "product": "CICS TX Advanced", "versions": [{"status": "affected", "version": "10.1"}, {"status": "affected", "version": "11.1"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central.", "supportingMedia": [{"type": "text/html", "value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. <br><br>IBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. <br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7232923", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.ibm.com/support/pages/node/7232924", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.", "supportingMedia": [{"type": "text/html", "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1&nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-242", "description": "CWE-242 Use of Inherently Dangerous Function"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T14:19:41.668Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1331", "state": "PUBLISHED", "dateUpdated": "2025-08-28T14:19:41.668Z", "dateReserved": "2025-02-15T00:10:22.206Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-05-08T21:55:41.116Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*", "matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:standard:*:*:*", "matchCriteriaId": "02FE1FD1-BEB7-485B-8C4F-69BB0B364800", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_10:*:*:standard:*:*:*", "matchCriteriaId": "1EBA5FE4-2B16-4D6E-A52E-5614110E45C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_11:*:*:standard:*:*:*", "matchCriteriaId": "3FB7C53F-5384-4042-ABBE-AA255D96D387", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_12:*:*:standard:*:*:*", "matchCriteriaId": "6196BF21-4784-4847-AEED-0B5F3749A07D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_13:*:*:standard:*:*:*", "matchCriteriaId": "1F0D1169-6A66-4588-9BB7-B3898BF6306A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_14:*:*:standard:*:*:*", "matchCriteriaId": "7E7D1F83-B8B4-4710-A824-82FEE0DD7B80", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_15:*:*:standard:*:*:*", "matchCriteriaId": "F4353747-B2A2-44CF-BD15-A0FC108C71A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_16:*:*:standard:*:*:*", "matchCriteriaId": "D1ACC485-4989-4ADC-9923-35908C4E63D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_17:*:*:standard:*:*:*", "matchCriteriaId": "F410DA77-7FB6-47F4-97A7-AF3D725AF694", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_18:*:*:standard:*:*:*", "matchCriteriaId": "0147202F-5060-4B63-9914-9C18834E7F08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_19:*:*:standard:*:*:*", "matchCriteriaId": "ACA1A661-525E-4BA0-8AEC-C8DB13F56289", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:standard:*:*:*", "matchCriteriaId": "630F214B-71DD-426B-94A7-656F300B51D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_20:*:*:standard:*:*:*", "matchCriteriaId": "92756083-B2B5-471A-B15D-F6DD13F5E7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_21:*:*:standard:*:*:*", "matchCriteriaId": "B2962EF0-F3B6-4ED6-93C0-802905B8BB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_22:*:*:standard:*:*:*", "matchCriteriaId": "63D2829D-7115-48DB-9365-9A2FF0138F32", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_23:*:*:standard:*:*:*", "matchCriteriaId": "D3A879A0-BAE4-4715-8C0D-80F03106536C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_24:*:*:standard:*:*:*", "matchCriteriaId": "3C8FB5E7-BF3F-44AE-890E-0E67D4EF6605", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:standard:*:*:*", "matchCriteriaId": "6164818E-D76D-4B89-B97A-837D204B765A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:standard:*:*:*", "matchCriteriaId": "B15AA178-3D88-42AD-8714-67B53900766C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_5:*:*:standard:*:*:*", "matchCriteriaId": "4096B83E-4FE3-44EE-AD25-F3C3CA8FD5B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_6:*:*:standard:*:*:*", "matchCriteriaId": "01459EE9-70B4-4009-97A5-6CF02D846BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_7:*:*:standard:*:*:*", "matchCriteriaId": "4B79D8FE-7F05-44D0-AF61-1A66459FC154", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_8:*:*:standard:*:*:*", "matchCriteriaId": "30520211-E2D2-4885-B4D3-ACF92523BC1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_9:*:*:standard:*:*:*", "matchCriteriaId": "67835C0E-A8A6-40CE-801F-79AC3E61E854", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."}, {"lang": "es", "value": "IBM CICS TX Standard 11.1 e IBM CICS TX Advanced 10.1 y 11.1 podr\u00edan permitir que un usuario local ejecute c\u00f3digo arbitrario en el sistema debido al uso inseguro de la funci\u00f3n gets."}], "id": "CVE-2025-1331", "lastModified": "2025-06-05T14:29:03.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-05-08T22:15:18.320", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7232923"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7232924"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-242"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}