IBM Tivoli Monitoring 6.3.0.7 SP19: Remote Code Exec via Array Index Validation
CVE-2025-3357 Published on May 28, 2025
IBM Tivoli Monitoring code execution
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
Vulnerability Analysis
CVE-2025-3357 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Products Associated with CVE-2025-3357
Want to know whenever a new CVE is published for IBM Tivoli Monitoring? stack.watch will email you.
Affected Versions
IBM Tivoli Monitoring:- Version 6.3.0.7, <= 6.3.0.7 SP15 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.