Security vulnerabilities: IBM Guardium Data Protection as gateway for attackers
Due to several vulnerabilities, data leaks may occur in the context of IBM Guardium Data Protection. Updates provide a remedy.
(Image: Afanasev Ivan/Shutterstock.com)
IBM Guardium Data Protection is designed to ensure that business data, including cloud services, is stored securely. However, attackers can now use several security vulnerabilities to attack systems.
Security problems
The developers list the vulnerabilities in a warning message. The majority of the vulnerabilities are classified as “medium”. In these cases, attackers can remotely access information that is actually sealed off (CVE-2025-25025, CVE-2025-25029).
One vulnerability (CVE-2025-24970) has been assigned the threat level “high”. It affects the client-server framework Netty. Because the SslHandler does not sufficiently check incoming data, attackers can use crafted requests to exploit the vulnerability. If an attack succeeds, it triggers a crash.
Videos by heise
The developers assure us that they have closed the vulnerabilities with a fix for IBM Guardium Data Protection 12.0. So far, there have been no reports of attackers exploiting the vulnerabilities.
(des)
