CVE-2025-33076

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7240368	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:engineering_systems_design_rhapsody:9.0.2:::::::*
	cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:::::::*
	cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:::::::*

History

07 Aug 2025, 14:41

Type	Values Removed	Values Added
Summary		(es) IBM Engineering Systems Design Rhapsody 9.0.2, 10.0 y 10.0.1 es vulnerable a un desbordamiento de búfer basado en la pila, causado por una comprobación incorrecta de los límites. Un usuario local podría desbordar el búfer y ejecutar código arbitrario en el sistema.
References	~~() https://www.ibm.com/support/pages/node/7240368 -~~	() https://www.ibm.com/support/pages/node/7240368 - Vendor Advisory
CPE		cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:::::::* cpe:2.3:a:ibm:engineering_systems_design_rhapsody:9.0.2:::::::* cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:::::::*
First Time		Ibm Ibm engineering Systems Design Rhapsody

23 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-23 15:15

Updated : 2025-08-07 14:41

NVD link : CVE-2025-33076

Mitre link : CVE-2025-33076

CVE.ORG link : CVE-2025-33076

JSON object : View

Products Affected

ibm

engineering_systems_design_rhapsody

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.8 /10