CVE-2025-33111 MEDIUM

CVE-2025-33111: IBM Controller Information Disclosure

Vendor Ibm
Product Controller
Weakness CWE-379
Published December 8, 2025
Last update December 9, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.

Key dates

02Disclosure timeline

December 8, 2025 CVE published
December 9, 2025 Record updated