CVE-2025-14988 CRITICAL

CVE-2025-14988: Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA

Vendor Iba Systems
Product ibaPDA
Weakness CWE-732
Published January 27, 2026
Last update January 27, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system.

Key dates

02Disclosure timeline

January 27, 2026 CVE published
January 27, 2026 Record updated