CVE-2025-1330 HIGH

CVE-2025-1330: IBM CICS TX code execution

Vendor Ibm

Product CICS TX Standard

Weakness CWE-787

Published May 8, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.

Key dates

02Disclosure timeline

May 8, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1330

Related vulnerabilities

04Related CVE

CVE-2018-25011 CVE-2024-23150 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products CVE-2023-34264 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2021-21095 Adobe Bridge TTF Font Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution CVE-2024-30310 ZDI-CAN-23327: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Identifiers

CVE CVE-2025-1330

CWE CWE-787

CVSS 7.8 / HIGH

Affected versions

Vendor Ibm

Product CICS TX Standard

Affected 11.1

Vendor Ibm

Product CICS TX Advanced

Affected 10.1

Vendor Ibm

Product CICS TX Advanced

Affected 11.1