Security update: Malicious code vulnerabilities threaten HCL Domino
Because one component is vulnerable, attackers can attack PCs with HCL Domino. So far there have been no reports of attacks.
(Image: Tatiana Popova/Shutterstock.com)
Admins should quickly secure their instances with the HCL Domino application development system against possible attacks. If this is not done, malicious code can compromise systems.
Install a security patch
Videos by heise
According to a warning message, the developers have closed two security vulnerabilities (CVE-2025-53630, risk “high”; CVE-2025-49847, risk “high”). Both vulnerabilities can be found in the open source component llama.cpp for handling large language models (LLM). In the context of the vocabulary loading code, attackers can trigger memory errors and, in the worst case, execute their code. This usually leads to computers being completely compromised.
The developers state that HCL Domino 14.5 is affected. The DominoIQ release 0825 (LlamaServerforDominoIQ_0825) is said to be protected against the attacks described.
The HCL developers last closed vulnerabilities in the application development system in May of this year.
(des)
