CVE-2025-1331

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ibmCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
ibmcics_tx
11.1.0.0
ibmcics_tx
11.1.0.0:interim_fix_1
ibmcics_tx
11.1.0.0:interim_fix_10
ibmcics_tx
11.1.0.0:interim_fix_11
ibmcics_tx
11.1.0.0:interim_fix_12
ibmcics_tx
11.1.0.0:interim_fix_13
ibmcics_tx
11.1.0.0:interim_fix_14
ibmcics_tx
11.1.0.0:interim_fix_15
ibmcics_tx
11.1.0.0:interim_fix_16
ibmcics_tx
11.1.0.0:interim_fix_17
ibmcics_tx
11.1.0.0:interim_fix_18
ibmcics_tx
11.1.0.0:interim_fix_19
ibmcics_tx
11.1.0.0:interim_fix_2
ibmcics_tx
11.1.0.0:interim_fix_20
ibmcics_tx
11.1.0.0:interim_fix_21
ibmcics_tx
11.1.0.0:interim_fix_22
ibmcics_tx
11.1.0.0:interim_fix_23
ibmcics_tx
11.1.0.0:interim_fix_24
ibmcics_tx
11.1.0.0:interim_fix_3
ibmcics_tx
11.1.0.0:interim_fix_4
ibmcics_tx
11.1.0.0:interim_fix_5
ibmcics_tx
11.1.0.0:interim_fix_6
ibmcics_tx
11.1.0.0:interim_fix_7
ibmcics_tx
11.1.0.0:interim_fix_8
ibmcics_tx
11.1.0.0:interim_fix_9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7232923
https://www.ibm.com/support/pages/node/7232924