Vulnerabilities: Privilege escalation possible in IBM Hardware Management Console
Attackers can exploit two software vulnerabilities in IBM Hardware Management Console. One vulnerability is considered critical.
Important security patches have been released for IBM Hardware Management Console (HMC). Attackers could, among other things, execute malicious code as a privileged user. Security updates are available.
Admins manage IBM systems with an HMC appliance. A compromise can result in far-reaching damage.
The security vulnerabilities
In a security advisory, the developers write that local attackers can exploit a “critical” vulnerability (CVE-2025-1950). Because libraries from untrusted sources are not sufficiently validated, malicious code can get onto systems.
By successfully exploiting the second vulnerability (CVE-2025-1951, rated “high”), local attackers can execute commands with elevated privileges, according to a report.
Specifically, HMC V10.2.1030.0 and V10.3.1050.0 are at risk. In the advisories, the developers list the fixes MF71717, MF71718, MF71719 and MF71720. So far, there have been no reports of attackers exploiting the vulnerabilities. It remains unclear how admins can recognize appliances that have already been attacked.
(des)