IBM has issued a critical security bulletin for its Common Cryptographic Architecture (CCA), the host-side software through which applications talk to the company's cryptographic coprocessors. The vulnerability, tracked as CVE-2025-13375, carries a CVSS score of 9.8 and allows an unauthenticated attacker to execute arbitrary commands with elevated privileges on the host system.
The flaw strikes at the heart of secure transaction processing. The CCA is the software bridge to the IBM Hardware Security Module (HSM), a device designed to safeguard digital keys and encrypt sensitive data.
According to IBM's bulletin, the flaw "could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system." No credentials are needed: anyone who can reach the affected interface can trigger it.
IBM rates the impact on confidentiality, integrity and availability as high, for both the cryptographic card itself and the applications that depend on it. In the worst case an attacker could gain access to sensitive cryptographic key material and disrupt the financial or security operations the card serves.
The vulnerability affects specific versions of the CCA software running on IBM’s 4769 and 4770 cryptographic coprocessors.
- CCA 7 MTM for 4769: Version 7.5.52 is affected.
- CCA 8 MTM for 4770: Version 8.4.82 is affected.
- IBM 4769 Developers Toolkit: Version 7.5.52 is also vulnerable.
These systems run on a variety of platforms, including IBM AIX, IBM i, IBM PowerLinux, and Linux on Intel x86, meaning the blast radius of this vulnerability covers a wide range of enterprise environments.
IBM is urging customers to patch immediately. The company “strongly recommends addressing the vulnerability now by upgrading to the latest firmware levels”.
Fixed versions have been released for all affected platforms:
- For CCA 7 MTM for 4769, upgrade to version 7.5.53 (Firmware levels: segment-1: 7.0.80, segment-2: 7.5.53, segment-3: 7.5.53).
- For CCA 8 MTM for 4770, upgrade to version 8.4.84 (Firmware levels: segment-1: 8.0.90, segment-2: 8.4.84, segment-3: 8.4.84).
For IBM i users, the fix involves applying specific PTFs (Program Temporary Fixes) for the IBM CCA Service Provider and Cryptographic Device Manager, depending on the OS release (7.3 through 7.6).
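The fixed levels above are three-segment firmware versions, and the "is this card patched?" question is easy to get wrong when levels are compared as strings (a string compare ranks 7.5.9 above 7.5.53). The script below is an added example written for this article, not an IBM tool or code from the bulletin. It encodes the bulletin's fixed levels for the 4769 and 4770, compares each segment of an installed level numerically, and reports which segments are still behind. The inventory format (host,card,seg1,seg2,seg3) and the host names are constructed assumptions; how you collect the installed levels from each machine is up to your own tooling.

```python
"""Flag IBM 4769/4770 cards whose CCA firmware is below the CVE-2025-13375 fix levels.

Added example for this article; constructed inventory format, not an IBM utility.
"""
import csv
from dataclasses import dataclass, field
from io import StringIO

SEGMENTS = ("segment-1", "segment-2", "segment-3")

# Minimum fixed firmware levels per card family, taken from the IBM bulletin
# (CCA 7.5.53 for the 4769, CCA 8.4.84 for the 4770).
FIXED_LEVELS = {
    "4769": ((7, 0, 80), (7, 5, 53), (7, 5, 53)),
    "4770": ((8, 0, 90), (8, 4, 84), (8, 4, 84)),
}


def parse_level(text: str) -> tuple[int, int, int]:
    """Turn '7.5.53' into (7, 5, 53). Integer tuples compare correctly;
    comparing the raw strings would rank '7.5.9' above '7.5.53'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware level: {text!r}")
    a, b, c = (int(p) for p in parts)
    return (a, b, c)


@dataclass
class CardStatus:
    host: str
    card: str
    behind: list[str] = field(default_factory=list)  # segments below the fix level

    @property
    def vulnerable(self) -> bool:
        return bool(self.behind)


def check_card(host: str, card: str, levels: tuple[str, str, str]) -> CardStatus:
    """Compare each installed segment level with the bulletin's fixed level."""
    if card not in FIXED_LEVELS:
        raise ValueError(f"{host}: unknown card type {card!r}")
    status = CardStatus(host, card)
    for name, installed, fixed in zip(SEGMENTS, levels, FIXED_LEVELS[card]):
        if parse_level(installed) < fixed:
            status.behind.append(name)
    return status


def check_inventory(csv_text: str) -> list[CardStatus]:
    """Evaluate a CSV inventory with the (assumed) columns host,card,seg1,seg2,seg3."""
    reader = csv.DictReader(StringIO(csv_text))
    return [
        check_card(row["host"], row["card"], (row["seg1"], row["seg2"], row["seg3"]))
        for row in reader
    ]


# Constructed sample inventory: hypothetical hosts, chosen to cover an
# unpatched card, a patched card, and a level that a string compare would misjudge.
SAMPLE_INVENTORY = """host,card,seg1,seg2,seg3
hsm-a,4769,7.0.80,7.5.52,7.5.52
hsm-b,4769,7.0.80,7.5.53,7.5.53
hsm-c,4770,8.0.90,8.4.82,8.4.82
hsm-d,4770,8.0.90,8.4.84,8.4.84
hsm-e,4770,8.0.90,8.4.84,8.4.9
"""

if __name__ == "__main__":
    for s in check_inventory(SAMPLE_INVENTORY):
        verdict = f"BEHIND on {', '.join(s.behind)}" if s.vulnerable else "at or above fix level"
        print(f"{s.host} ({s.card}): {verdict}")
```

Run it against your own exported inventory in place of SAMPLE_INVENTORY; any host listed as behind on at least one segment is still exposed and should be scheduled for the firmware upgrade.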
Administrators responsible for these high-security modules should prioritize this update to prevent unauthorized command execution on their most sensitive infrastructure.