Stack-based Buffer Overflow in IBM Engineering Systems Design Rhapsody
CVE-2025-33076

8.8HIGH

Key Information:

Vendor: IBM
Status: Engineering Systems Design Rhapsody
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-33076?

IBM Engineering Systems Design Rhapsody versions 9.0.2, 10.0, and 10.0.1 are exposed to a stack-based buffer overflow vulnerability due to inadequate bounds checking. This flaw allows local users to potentially overflow the buffer, leading to arbitrary code execution on affected systems. It is essential for users of these versions to assess their security posture and apply recommended updates to mitigate risks.

Affected Version(s)

Engineering Systems Design Rhapsody 9.0.2, 10.0, 10.0.1

References

https://www.ibm.com/support/pages/node/7240368

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 15, 2025