Stack-Based Buffer Overflow in IBM Engineering Systems Design Rhapsody
CVE-2025-33077

8.8HIGH

Key Information:

Vendor: IBM
Status: Engineering Systems Design Rhapsody
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-33077?

IBM Engineering Systems Design Rhapsody versions 9.0.2, 10.0, and 10.0.1 have been identified with a notable stack-based buffer overflow vulnerability. This weakness arises from improper bounds checking, allowing a local user to exploit the buffer overflow effectively. By doing so, the user could potentially execute arbitrary code, posing significant risks to system integrity and security.

Affected Version(s)

Engineering Systems Design Rhapsody 9.0.2, 10.0, 10.0.1

References

https://www.ibm.com/support/pages/node/7240375

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 15, 2025