CVE-2025-25032

Description

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

ibm / cognos_analytics11.2.0 – 11.2.0
ibm / cognos_analytics11.2.1 – 11.2.1
ibm / cognos_analytics11.2.2 – 11.2.2
ibm / cognos_analytics11.2.3 – 11.2.3
ibm / cognos_analytics11.2.4 – 11.2.4
ibm / cognos_analytics12.0.0 – 12.0.0
ibm / cognos_analytics12.0.1 – 12.0.1
ibm / cognos_analytics12.0.2 – 12.0.2
ibm / cognos_analytics12.0.3 – 12.0.3
ibm / cognos_analytics12.0.4 – 12.0.4

References

MISChttps://www.ibm.com/support/pages/node/7234674