CVE-2025-33111
📋 TL;DR
This vulnerability in IBM Controller and Cognos Controller allows authenticated attackers to potentially access sensitive information through race condition attacks on temporary file creation. It affects users running vulnerable versions of these IBM financial consolidation products. The issue stems from improper temporary file handling without atomic operations.
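The TL;DR points at the root cause, temporary files created without an atomic operation. As an added illustration (not IBM's code and not the affected component's logic), the Python below puts the check-then-create pattern next to the atomic alternative the fix class relies on, `O_CREAT|O_EXCL` with an owner-only mode and an unpredictable name. Directory and file names are scratch placeholders created on the fly.

```python
# Added example for this advisory; not IBM's code and not the affected
# component's logic. Scratch paths are placeholders created on the fly.
import os
import tempfile


def unsafe_temp_create(directory, name, data):
    """The non-atomic pattern the advisory describes.

    A predictable name plus a separate existence check and open() leaves
    a window between the two calls: whatever occupies the path when open()
    runs receives the data, and the file takes its mode from the process
    umask rather than from an explicit owner-only setting.
    """
    path = os.path.join(directory, name)          # predictable name
    if os.path.exists(path):                      # check ...
        raise FileExistsError(path)
    with open(path, "w") as fh:                   # ... then create: two steps
        fh.write(data)
    return path


def exclusive_create(path, data, mode=0o600):
    """Atomic create: O_EXCL makes the kernel refuse a pre-existing path.

    Returns True when this call created the file and False when something
    was already there, so the caller fails closed instead of writing into
    a file it does not own.
    """
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return True


def safe_temp_create(directory, data):
    """Hardened pattern: mkstemp() performs the O_EXCL create with mode
    0600 and a random suffix, so the name cannot be planned for in advance."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="ctrl-", suffix=".tmp")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Exercise both patterns in a fresh scratch directory and report."""
    scratch = tempfile.mkdtemp(prefix="tmpfile-demo-")
    planted = os.path.join(scratch, "planted.tmp")
    open(planted, "w").close()                    # a path that already exists
    fresh = os.path.join(scratch, "fresh.tmp")
    unsafe_path = unsafe_temp_create(scratch, "report.tmp", "sensitive data")
    safe_path = safe_temp_create(scratch, "sensitive data")
    safe_name = os.path.basename(safe_path)
    return {
        "refused_planted": not exclusive_create(planted, "sensitive data"),
        "created_fresh": exclusive_create(fresh, "sensitive data"),
        "safe_mode": os.stat(safe_path).st_mode & 0o777,
        "unsafe_mode": os.stat(unsafe_path).st_mode & 0o777,  # umask-dependent
        "safe_name_random": safe_name.startswith("ctrl-") and len(safe_name) > len("ctrl-.tmp"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if key.endswith("_mode") else value)
```

Run it on a Linux host: `refused_planted` and `created_fresh` come back True, `safe_mode` is `0o600`, while `unsafe_mode` shows whatever the umask allowed (typically `0o644`), which is the second half of the exposure the advisory describes.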
💻 Affected Systems
- IBM Controller
- IBM Cognos Controller
📦 What is this software?
IBM Controller and IBM Cognos Controller are IBM's financial consolidation products; the vulnerable versions of both are listed in the vendor advisory below.
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker gains access to sensitive financial data, configuration files, or credentials stored in temporary files, potentially leading to data breach or privilege escalation.
Likely Case
Authenticated user with malicious intent accesses temporary files containing sensitive application data or configuration information.
If Mitigated
Minimal impact with proper file permissions, monitoring, and network segmentation limiting access to temporary directories.
🎯 Exploit Status
Exploitation requires authenticated access and precise timing to win race conditions. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: IBM Controller 11.1.2; IBM Cognos Controller 11.0.2
Vendor Advisory: https://www.ibm.com/support/pages/node/7253273
Restart Required: Yes
Instructions:
1. Download the latest fix pack from IBM Fix Central.
2. Apply the fix pack following IBM's installation guide.
3. Restart the Controller services.
4. Verify the installation completed successfully.
🔧 Temporary Workarounds
Restrict temporary directory permissions (Linux)
Set strict permissions on temporary directories to prevent unauthorized access:
chmod 700 /path/to/temp/dir
chown controller:controller /path/to/temp/dir
Monitor temporary file access (Linux)
Implement file system auditing on temporary directories:
auditctl -w /path/to/temp/dir -p rwxa -k controller_temp_files
🧯 If You Can't Patch
- Implement strict access controls and monitoring on temporary directories
- Segment network to limit which users can access Controller systems
🔍 How to Verify
Check if Vulnerable:
Check the installed version of IBM Controller/Cognos Controller against affected version ranges
Check Version:
Check version in Controller web interface under Help > About, or examine installation logs
Verify Fix Applied:
Verify the installed version is 11.1.2 or higher for Controller, or 11.0.2 or higher for Cognos Controller
📡 Detection & Monitoring
Log Indicators:
- Multiple rapid file operations in temporary directories
- Unauthorized access attempts to temporary files
Network Indicators:
- Unusual patterns of authenticated user activity
SIEM Query:
source="controller_logs" AND (event="temp_file_access" OR event="file_race_condition")
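The "multiple rapid file operations in temporary directories" indicator above is the one a defender can actually measure once the auditctl watch rule from the workaround section is in place. As an added example (not part of the advisory, and not IBM's or any SIEM vendor's code), the Python below parses raw auditd SYSCALL records tagged with that rule's key and flags any login uid whose temp-file operations cluster inside a short window. The audit lines, login uids and timestamps are constructed for the demo; the one-second window and ten-event threshold are assumptions to tune per environment.

```python
# Added example for this advisory: burst detection over constructed auditd
# records. Not IBM's or any SIEM vendor's code. The audit key matches the
# auditctl rule in the workaround section; auids, paths and timestamps are
# made up for the demo.
import re
from collections import defaultdict

AUDIT_KEY = "controller_temp_files"
_MSG = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
_AUID = re.compile(r"\bauid=(\d+)")
_KEY = re.compile(r'\bkey="([^"]*)"')


def _syscall_line(ts, serial, auid, key=AUDIT_KEY):
    """Build a constructed SYSCALL record shaped like auditd's raw output."""
    return (f"type=SYSCALL msg=audit({ts:.3f}:{serial}): arch=c000003e syscall=257 "
            f'success=yes exit=5 auid={auid} uid={auid} comm="java" key="{key}"')


def constructed_audit_log():
    """Sample log: one bursty login uid, one normal one, plus noise records."""
    lines = []
    base = 1700000000.0
    # Login uid 1001: 12 temp-file syscalls inside roughly half a second.
    for i in range(12):
        lines.append(_syscall_line(base + 0.1 + 0.04 * i, 3000 + i, 1001))
    # Login uid 1002: three operations spread over six seconds (normal use).
    for i in range(3):
        lines.append(_syscall_line(base + 3.0 * i, 4000 + i, 1002))
    # Same user, different audit key: the filter must ignore it.
    lines.append(_syscall_line(base + 0.2, 5000, 1002, key="other_rule"))
    # A PATH record carries no auid and must be skipped, not crash the parser.
    lines.append(f'type=PATH msg=audit({base + 0.1:.3f}:3000): item=1 '
                 'name="/path/to/temp/dir/report.tmp" nametype=CREATE')
    return lines


def parse_events(lines, key=AUDIT_KEY):
    """Yield (timestamp, auid) for SYSCALL records tagged with `key`."""
    for line in lines:
        if not line.startswith("type=SYSCALL"):
            continue
        m_msg, m_auid, m_key = _MSG.search(line), _AUID.search(line), _KEY.search(line)
        if not (m_msg and m_auid and m_key) or m_key.group(1) != key:
            continue
        yield float(m_msg.group(1)), int(m_auid.group(1))


def find_bursts(lines, window=1.0, threshold=10, key=AUDIT_KEY):
    """Return {auid: peak_count} for login uids whose temp-file operations
    reach `threshold` events inside any `window`-second interval."""
    by_auid = defaultdict(list)
    for ts, auid in parse_events(lines, key):
        by_auid[auid].append(ts)
    flagged = {}
    for auid, stamps in by_auid.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):          # two-pointer sliding window
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[auid] = peak
    return flagged


if __name__ == "__main__":
    for auid, peak in find_bursts(constructed_audit_log()).items():
        print(f"auid={auid}: {peak} temp-file operations within a 1s window")
```

Keying on `auid` rather than `uid` matters here: the advisory's attacker is an authenticated user, and the login uid survives privilege changes made by the service, so the alert names the person rather than the service account. In production the same function would be fed from `ausearch -k controller_temp_files --raw`, one record per line.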