CVE-2025-13375 – IBM Common Cryptographic Architecture Remote Code Execution Vulnerability

CVSS 9.8 CRITICAL

“A weakness in a core cryptographic component could allow attackers to execute code and compromise critical security functions.”

This patch addresses a critical vulnerability (CVE-2025-13375) affecting IBM Common Cryptographic Architecture (CCA), a framework used to provide cryptographic services and secure key management in enterprise systems. The issue stems from improper handling of certain inputs within the cryptographic processing functions.

An attacker who can interact with affected systems may exploit the flaw to execute arbitrary code within the cryptographic service environment. Successful exploitation could allow attackers to compromise cryptographic operations, manipulate secure transactions, or disrupt trusted security processes. CVE-2025-13375 carries a CVSS v3.1 score of 9.8 (Critical).

IBM released security updates that strengthen input validation and correct the processing logic within the affected cryptographic components. Systems running vulnerable versions remain exposed until the patched version of the software is applied.

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-250