IBM
Business Honor
11 December, 2025
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.
IBM has announced the release of more than 100 security updates across its product family, resolving more than 100 vulnerabilities, numerous of which are rated critical. Multiple vulnerabilities stem from third-party dependencies in IBM's products, so their security impact extends beyond IBM's product line into the wider industry. Storage Defender has received six critical-severity patches that directly affect its Data Protect component, which is used by all IBM storage customers. Exploiting those vulnerabilities may lead to denial-of-service (DoS) attacks, memory corruption, arbitrary file overwrite and application crashes. These types of vulnerabilities reflect the risks of relying on third-party libraries and tools within security frameworks. The last major vulnerability is CVE-2025-48913, which is associated with how Apache Tomcat Server was implemented by Guardium Data Protection.
A critical vulnerability has been resolved in IBM's Maximo Application Suite. The vulnerability is in the form-data library and allows malicious users to modify incoming request parameters and potentially cause instability within the application environment. In addition, IBM's Edge Data Collector has received a security update correcting a critical SQL injection vulnerability in the Django web framework. SQL injection vulnerabilities pose a significant risk to database security because they allow attackers to inject or execute arbitrary SQL code on the database, gain unauthorized access and exfiltrate data.
The risks presented by these vulnerabilities include the ability to execute commands, create denial-of-service (DoS) conditions, terminate running processes and cause unexpected application behavior. Consequently, these vulnerabilities put overall application stability, data security and application integrity at risk. Additionally, IBM has released security patches for several products, including IBM Db2 and its Corosync library, addressing multiple critical, high and medium-severity vulnerabilities. Ultimately, these security updates reflect IBM's continued commitment to improving the security of its products and providing solutions to the potential threats its customers face.