Vulnerabilities threaten IBM Installation Manager, Java Runtime & Co.
Important security updates have been released for IBM Java Runtime, among others.

Attackers can target various software vulnerabilities in IBM Installation Manager, Java Runtime, Packaging Utility and Personal Communications (PCOMM). There are currently no reports of ongoing attacks. However, admins should not delay installing the security patches for too long.
Repaired security patch
In a warning message, the developers explain that the vulnerability (CVE-2025-1095, "high") in PCOMM affects the Windows Installer (Microsoft Installer, MSI). A local attacker can use it to escalate their privileges. If an attack succeeds, the attacker has SYSTEM rights. From that position, it can be assumed that they can completely compromise PCs. How such an attack could work in detail is not yet known.
The developers state that they have closed the vulnerability in versions 14.0.8 and 15.0.3. This is a repaired security update: a patch released last year did not reliably close the gap (CVE-2024-25029, "critical").
Malicious code attack possible
According to an article, Installation Manager, Java Runtime and Packaging Utility are vulnerable through two flaws (CVE-2025-1470, "medium", and CVE-2025-1471, "high"). The brief description of the latter vulnerability reads as if attackers could trigger memory errors (buffer overflow) in an unspecified way. This usually leads to crashes. In such a context, however, malicious code can often get onto systems as well.
Here too, there is no further information on how attacks could take place or how admins can detect attacks that have already taken place. The developers state that they have solved the security problem in version 1.9.3.1.
(des)