CVE-2025-3354 - Vulnerability Details

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00205.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

Tivoli Monitoring

unaffected

Version	Status	Constraints
`6.3.0.7`	affected	≤ 6.3.0.7 SP20

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8::::::
	cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9::::::

No data.

Subscriptions

Vendors	Products
Ibm Subscribe	Tivoli Monitoring Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-23845	IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading to 6.3.0.7-SP0021 6.3.0.7-TIV-ITM-SP0021 6.3.0.7 IBM Tivoli Monitoring Service Pack 6.3.0.7-TIV-ITM-SP0021

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7241472

History

Wed, 13 Aug 2025 18:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:::::: cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9::::::

Wed, 06 Aug 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 06 Aug 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
Title		IBM Tivoli Monitoring code execution
First Time appeared		Ibm Ibm tivoli Monitoring
Weaknesses		CWE-122
CPEs		cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:::::::* cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:service_pack_20::::::
Vendors & Products		Ibm Ibm tivoli Monitoring
References		https://www.ibm.com/support/pages/node/7241472
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-08-06T13:50:06.240Z

Updated: 2026-02-26T17:49:53.408Z

Reserved: 2025-04-06T20:57:16.315Z

Link: CVE-2025-3354

Vulnrichment

Updated: 2025-08-06T16:13:48.371Z

NVD

Status : Analyzed

Published: 2025-08-06T14:15:39.483

Modified: 2025-08-13T18:22:49.927

Link: CVE-2025-3354

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-122

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object