CVE-2025-13375 PUBLISHED

IBM Common Cryptographic Architecture Arbitrary Command Execution

Assigner: ibm
Reserved: 18.11.2025 Published: 04.02.2026 Updated: 04.02.2026

IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Common Cryptographic Architecture
Versions	Default: unaffected Version 7.5.52 is affected Version 8.4.82 is affected

Vendor	IBM
Product	IBM 4769 Developers Toolkit
Versions	Default: unaffected Version 7.5.52 is affected

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading:

Product(s)Fixed Version(s)CCA 7 MTM for 4769

7.5.53

CCA 8 MTM for 4770

8.4.84

IBM 4769 Developers Toolkit

7.5.53

References

https://www.ibm.com/support/pages/node/7259625

Problem Types

CWE-250 CWE