cbcvebase.
CVE-2025-1095
published 2025-04-08

CVE-2025-1095: IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any…

PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.13%
2.8th percentile
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.

Affected

9 ranges
VendorProductVersion rangeFixed in
ibmpersonal_communications
ibmpersonal_communications
linuxlinux_kernel>= 6.14.0 < 6.17.46.17.4
msrccbl2_kernel_5.15.102.1-1_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_kernel_5.10.172.1-1_on_cbl_mariner_1.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.