CVE-2025-1994Use of Inherently Dangerous Function in IBM Cognos Command Center

CWE-242Use of Inherently Dangerous Function3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Command Center
Timeline
PublishedAug 26

Description

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/cognos_command_center10.2.4.1, 10.2.5+1
NVDibm/cognos_command_center10.2.4.1, 10.2.5+1

🔴Vulnerability Details

2
GHSA
GHSA-j666-4gr9-r4q4: IBM Cognos Command Center 102025-08-26
CVEList
IBM Cognos Command Center code execution2025-08-26
CVE-2025-1994 — Use of Inherently Dangerous Function | cvebase