IBM this week introduced fixes for greater than 100 vulnerabilities throughout its merchandise, together with a number of critical-severity bugs. Most of them have been in third-party dependencies.
Storage Defender acquired patches for six critical-severity defects, all affecting third-party elements in Knowledge Shield (which is included in Storage Defender).
The weaknesses may result in denial-of-service (DoS) situations, reminiscence corruption, arbitrary file overwrite, and utility crashes.
One other critical-severity vulnerability was addressed in IBM Guardium Knowledge Safety’s implementation of the Apache Tomcat server. The flaw, tracked as CVE-2025-48913, may result in code execution.
IBM additionally introduced a repair for a critical-severity bug within the form-data library utilized in Maximo Software Suite, which may permit attackers to inject parameters in requests.
Edge Knowledge Collector acquired patches for a essential SQL injection defect within the Django internet framework.
IBM additionally fastened dozens of vulnerabilities in Observability with Instana (OnPrem), together with essential bugs in Tomcat, libxml2, and WebKit that would result in command execution, DoS situations, course of crashes, and different sudden conduct.
A critical-severity challenge within the Corosync library was addressed with safety updates for IBM Db2. The weak point may result in a course of crash or arbitrary code execution, if encryption is disabled or the attacker is aware of the encryption key.Commercial. Scroll to proceed studying.
A number of high- and medium-severity flaws have been additionally patched throughout Content material Collector, DataPower Operations Dashboard, License Metric Software, Planning Analytics, Watsonx Subscription, InfoSphere Data Server, StreamSets, and Db2 for Linux, UNIX and Home windows.
Further info on these vulnerabilities and the corresponding patches may be discovered on IBM’s safety bulletins web page.
Associated: Fortinet Patches Crucial Authentication Bypass Vulnerabilities
Associated: Ivanti EPM Replace Patches Crucial Distant Code Execution Flaw
Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days
Associated: Adobe Patches Almost 140 Vulnerabilities
