IBM AIX/VIOS and DataPower Gateway Critical Vulnerabilities Allow Local Code Execution

Описание: IBM AIX/VIOS and DataPower Gateway Critical Vulnerabilities: Perl Flaw CVE-2025-33112 and Linux Kernel Issues Allow Local Code Execution

IBM AIX/VIOS contains Perl implementation vulnerability CVE-2025-33112 allowing local attackers to execute malicious code via insufficient path name input sanitization. DataPower Gateway versions 10.6.1.0-10.6.3.0 affected by multiple Linux kernel vulnerabilities including high-severity CVE-2024-26704. Successful exploitation leads to full system compromise; fixes available in DataPower Gateway 10.6.4.0.

#IBMAIX #IBMDataPowerGateway #CVE202533112 #CVE202426704 #PerlVulnerability #LinuxKernelVulnerability #IBMSecurity #UnixSecurity #LocalCodeExecution #SystemCompromise #SecurityPatches #IBMUpdates #PathTraversalAttack #InputSanitization #HighSeverityVulnerability #EnterpriseSystemSecurity #CyberSecurity #InfoSec #VIOS #IntegrationPlatform


Technical Details:
• Affected Products: IBM AIX/VIOS, IBM DataPower Gateway
• Key Vulnerabilities: CVE-2025-33112 (Perl flaw), CVE-2024-26704 (Linux kernel)
• Affected DataPower Versions: 10.6.1.0 through 10.6.3.0
• Fixed DataPower Version: 10.6.4.0
• Attack Vector: Local access required
• Impact: Malicious code execution, full system compromise
• Severity: High (multiple vulnerabilities)
• Current Status: No reported attacks in the wild