Race Condition Vulnerability in IBM Controller and Cognos Controller
CVE-2025-33111

4.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 8 December 2025

What is CVE-2025-33111?

IBM Controller versions 11.1.0 to 11.1.1 and IBM Cognos Controller versions 11.0.0 to 11.0.1 FP6 are susceptible to a race condition vulnerability. The affected versions create temporary files without atomic operations, which could expose sensitive information to an authenticated user. An attacker can exploit the race condition to manipulate file access, so affected installations should be patched promptly.

Affected Version(s)

Cognos Controller 11.0.0 <= 11.0.1 FP6

Controller 11.1.0 <= 11.1.1

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
