CVE-2025-33076

8.8 HIGH

📋 TL;DR

A local user can exploit a stack-based buffer overflow in IBM Engineering Systems Design Rhapsody to execute arbitrary code on the system. This affects versions 9.0.2, 10.0, and 10.0.1 of the software.

💻 Affected Systems

Products:
  • IBM Engineering Systems Design Rhapsody
Versions: 9.0.2, 10.0, 10.0.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing an attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive engineering data and system resources.

🟢 If Mitigated

Limited impact if proper access controls and least privilege principles are enforced.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (local users can exploit to gain elevated privileges)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access and knowledge of buffer overflow exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade to version 10.0.2

Vendor Advisory: https://www.ibm.com/support/pages/node/7240368

Restart Required: Yes

Instructions:

1. Download the interim fix from IBM Support
2. Stop Rhapsody services
3. Apply the patch
4. Restart services
5. Verify successful installation

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local user access to systems running vulnerable Rhapsody versions

Apply Least Privilege

all

Ensure users have only the permissions they need, to reduce the impact of exploitation

🧯 If You Can't Patch

  • Isolate affected systems from critical networks
  • Implement strict access controls and monitoring for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Rhapsody version via Help > About in the application or examine installation directory version files

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Rhapsody\Version. On Linux: Check /opt/IBM/Rhapsody/version.txt

Verify Fix Applied:

Verify version is no longer 9.0.2, 10.0, or 10.0.1 and check for applied interim fixes

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Rhapsody executables
  • Access violations or buffer overflow errors in application logs
  • Unexpected privilege escalation events

Network Indicators:

  • Unusual outbound connections from Rhapsody systems

SIEM Query:

Process creation where parent_process contains 'rhapsody' AND (process contains 'cmd.exe' OR process contains 'powershell.exe' OR process contains 'bash')
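The query above, applied to process-creation records, as an added example that is not part of the original advisory or any IBM tooling. The JSON field names (host, user, parent_image, image), the host and user names and the sample events are constructed assumptions; the example also tightens the query by matching the child process on its file name, case-insensitively, rather than on a substring.

```python
import json
import ntpath

# Shell names taken from the SIEM query on this page.
SHELLS = {"cmd.exe", "powershell.exe", "bash"}

# Constructed sample events, one JSON object per line. Field names are
# assumptions: map them to your Sysmon / auditd / EDR schema.
SAMPLE_EVENTS = r"""
{"host":"eng-ws01","user":"alice","parent_image":"C:\\Program Files\\IBM\\Rhapsody\\Rhapsody.exe","image":"C:\\Windows\\System32\\cmd.exe"}
{"host":"eng-ws01","user":"alice","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"host":"eng-lx02","user":"bob","parent_image":"/opt/IBM/Rhapsody/bin/rhapsody","image":"/usr/bin/bash"}
{"host":"eng-ws01","user":"alice","parent_image":"C:\\Program Files\\IBM\\Rhapsody\\Rhapsody.exe","image":"C:\\Windows\\notepad.exe"}
this line is not JSON
"""


def basename(path):
    """Lower-cased file name; ntpath splits on both '\\' and '/'."""
    return ntpath.basename(path or "").lower()


def is_suspicious(event):
    """True when a Rhapsody process is the parent of a command shell."""
    parent = (event.get("parent_image") or "").lower()
    return "rhapsody" in parent and basename(event.get("image")) in SHELLS


def scan(text):
    """Return (host, user, shell) for every matching record in the text."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if isinstance(event, dict) and is_suspicious(event):
            hits.append((event.get("host"), event.get("user"),
                         basename(event.get("image"))))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT shell spawned by Rhapsody:", hit)
```

Compare hits against the shell launches Rhapsody normally performs in your environment before alerting on them.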
