CVE-2025-1095 · CVEKit

cve.orgen

418 chars

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.

NVDen

418 chars

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.

NVDes

456 chars

IBM Personal Communications v14 y v15 incluyen un servicio de Windows vulnerable a la escalada de privilegios locales (LPE). Esta vulnerabilidad permite a cualquier usuario conectado interactivamente en el equipo objetivo ejecutar comandos con privilegios completos en el contexto de NT AUTHORITY\SYSTEM. Esto permite que un atacante con pocos privilegios escale sus privilegios. Esta vulnerabilidad se debe a una corrección incompleta para CVE-2024-25029.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H