Vulnerability Details CVE-2025-1095
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-1095
-
cpe:2.3:a:ibm:personal_communications:14.0.0
-
cpe:2.3:a:ibm:personal_communications:15.0.0
-
cpe:2.3:o:apple:macos:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-