| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 |
| CWE-ID | CWE-116 CWE-254 CWE-399 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software | IBM Power Hardware Management Console (HMC) (Server applications / Other server solutions) |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU112731
Risk: High
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-47252
CWE-ID:
CWE-116 - Improper Encoding or Escaping of Output
Exploit availability: No
Description: The vulnerability allows a remote attacker to inject forged entries into log files.
The vulnerability exists due to insufficient escaping of client-supplied data in mod_ssl. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl, such as SSL_TLS_SNI, neither mod_log_config nor mod_ssl escapes the value, so unsanitized data supplied by the client is written verbatim to the log. A remote attacker who controls such a value (the TLS SNI extension, for example) can embed line breaks and other control characters and thereby forge or corrupt log records.
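The log-injection mechanism described above, as an added illustration that is not part of this bulletin or of httpd's code: a constructed SNI value carrying CRLF and a forged record is rendered through an emulated CustomLog line once without escaping (the vulnerable behaviour) and once through an escaping routine modelled on what mod_log_config already applies to items such as %r. The sample SNI, the format string and the function names are the example's own assumptions.

```python
# Constructed attacker-controlled value for the TLS SNI extension (not a real
# capture): a hostname, then CRLF, then a complete forged access-log record.
MALICIOUS_SNI = (
    "example.com\r\n"
    '10.0.0.1 - admin [10/Oct/2025:10:00:00 +0000] "GET /login HTTP/1.1" 200 42 trusted.internal'
)

_C_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r",
              "\t": "\\t", "\b": "\\b", "\v": "\\v"}


def escape_logitem(value: str) -> str:
    """Escape a log field the way httpd escapes ordinary items such as %r:
    backslash and double quote get a backslash, common control characters a
    C-style escape, and any other non-printable byte becomes \\xHH. This is
    the example's own reimplementation, not httpd's ap_escape_logitem()."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in _C_ESCAPES:
            out.append(_C_ESCAPES[ch])
        elif byte < 0x20 or byte >= 0x7F:
            out.append("\\x%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def render_access_line(client_ip, request, status, size, sni, escape_sni):
    """Emulate the record produced by an assumed format
        CustomLog logs/access_log "%h \\"%r\\" %>s %b %{SSL_TLS_SNI}x"
    %r is escaped by mod_log_config; the %{SSL_TLS_SNI}x value is what the
    advisory says reached the log unescaped, so its escaping is a parameter."""
    sni_field = escape_logitem(sni) if escape_sni else sni
    return f'{client_ip} "{escape_logitem(request)}" {status} {size} {sni_field}'


def count_records(log_text):
    """Number of non-empty physical lines a log consumer would see."""
    return sum(1 for line in log_text.split("\n") if line.strip())


if __name__ == "__main__":
    for flag in (False, True):
        line = render_access_line("203.0.113.5", "GET / HTTP/1.1", 200, 512,
                                  MALICIOUS_SNI, escape_sni=flag)
        print(f"escaped={flag}: {count_records(line)} record(s)\n{line}\n")
```

Without escaping, the single request becomes two records and the second one, attributed to 10.0.0.1 and an "admin" user, is indistinguishable from a genuine entry to any line-oriented log consumer; with escaping the CR and LF survive only as the literal text `\r\n` inside one record.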
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: IBM Power Hardware Management Console (HMC): 10.3.1050.0
External links: https://www.ibm.com/support/pages/node/7252038
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU112730
Risk: Medium
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2025-23048
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to bypass implemented access restrictions.
The vulnerability exists due to an access control bypass with TLS 1.3 session resumption in mod_ssl. Configurations are affected when mod_ssl serves multiple virtual hosts, each restricted to a different set of trusted client certificates (for example, each with its own SSLCACertificateFile or SSLCACertificatePath setting). In that case a client trusted to access one virtual host can resume its TLS 1.3 session against another virtual host and reach content that its client certificate does not entitle it to, if SSLStrictSNIVHostCheck is not enabled in either virtual host. Until the update is applied, enabling SSLStrictSNIVHostCheck on the affected virtual hosts removes that precondition.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: IBM Power Hardware Management Console (HMC): 10.3.1050.0
External links: https://www.ibm.com/support/pages/node/7252038
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited over the Internet by a remote attacker who holds a client certificate trusted by one of the affected virtual hosts; no further authentication is needed.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU112729
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-49630
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in mod_proxy_http2: a specially crafted request from an untrusted client triggers an assertion failure in the module, aborting the httpd process that handles the request and preventing the server from serving legitimate requests.
Successful exploitation requires that the reverse proxy is configured for an HTTP/2 backend (a ProxyPass target using the h2:// or h2c:// scheme) with ProxyPreserveHost set to "on"; deployments that proxy only over HTTP/1.1, or that leave ProxyPreserveHost at its default of "off", are not exposed.
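A configuration check covering the preconditions named in this bulletin, written as an added example (not IBM's or the Apache project's code): it parses a constructed httpd configuration and reports LogFormat/CustomLog items that log unescaped mod_ssl variables, SSL virtual hosts that trust different client-CA sets without SSLStrictSNIVHostCheck, and h2:// or h2c:// reverse-proxy targets combined with ProxyPreserveHost On. The parser, the sample configuration and the heuristic that treats any such virtual host without the directive as exposed are assumptions of the example; nested sections are folded into the enclosing virtual host and httpd's real merge rules are not reproduced.

```python
import re
import shlex
from collections import defaultdict

# Constructed httpd configuration (not from IBM or the HMC) exhibiting all
# three risky patterns described in this bulletin.
SAMPLE_CONF = r"""
LogFormat "%h %l %u %t \"%r\" %>s %b %{SSL_TLS_SNI}x" sslcombined
CustomLog logs/ssl_access_log sslcombined

<VirtualHost *:443>
    ServerName app1.example
    SSLEngine on
    SSLVerifyClient require
    SSLCACertificateFile /etc/ssl/ca-app1.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.example
    SSLEngine on
    SSLVerifyClient require
    SSLCACertificateFile /etc/ssl/ca-app2.pem
    ProxyPreserveHost On
    ProxyPass "/" "h2://backend.internal:8443/"
</VirtualHost>
"""


def parse_httpd_conf(text):
    """Minimal parser: returns [global, vhost1, vhost2, ...]; each entry maps
    a lower-cased directive name to the list of argument lists seen for it.
    Nested sections such as <Directory> are folded into the enclosing block."""
    global_block = {"name": "_global", "directives": defaultdict(list)}
    blocks, current = [global_block], global_block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = {"name": m.group(1), "directives": defaultdict(list)}
            blocks.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = global_block
        elif not line.startswith("<"):
            parts = shlex.split(line)  # keeps quoted format strings whole
            current["directives"][parts[0].lower()].append(parts[1:])
    return blocks


def _setting(block, name):
    """Last value of a single-argument directive, lower-cased, or None."""
    vals = block["directives"].get(name)
    return vals[-1][0].lower() if vals and vals[-1] else None


def _effective(block, global_block, name):
    """Virtual-host value if set, otherwise the server-wide one (assumed inheritance)."""
    return _setting(block, name) or _setting(global_block, name)


def vhost_label(block):
    return _setting(block, "servername") or block["name"]


SSL_LOG_ITEM = re.compile(r"%\{[^}]*\}[xc]")


def check_ssl_log_items(blocks):
    """CVE-2024-47252: LogFormat/CustomLog formats with a mod_ssl %{...}x or
    %{...}c item write client-controlled bytes to the log unescaped."""
    return [(b["name"], arg)
            for b in blocks
            for d in ("logformat", "customlog")
            for args in b["directives"].get(d, [])
            for arg in args if SSL_LOG_ITEM.search(arg)]


def check_tls13_resumption_bypass(blocks):
    """CVE-2025-23048: two or more SSL virtual hosts trusting different client
    CA sets while SSLStrictSNIVHostCheck is not on for them. Conservative:
    every such host without the directive on (itself or server-wide) is listed."""
    glob, ca_sets, exposed = blocks[0], {}, []
    for b in blocks[1:]:
        if _setting(b, "sslengine") != "on":
            continue
        cas = tuple(sorted((d, args[0])
                           for d in ("sslcacertificatefile", "sslcacertificatepath")
                           for args in b["directives"].get(d, []) if args))
        if cas:
            ca_sets[vhost_label(b)] = cas
            if _effective(b, glob, "sslstrictsnivhostcheck") != "on":
                exposed.append(vhost_label(b))
    return sorted(exposed) if len(set(ca_sets.values())) >= 2 else []


def check_h2_proxy_preserve_host(blocks):
    """CVE-2025-49630: ProxyPreserveHost On in effect for a ProxyPass or
    ProxyPassMatch whose backend uses the h2:// or h2c:// scheme."""
    glob = blocks[0]
    return [(vhost_label(b), arg)
            for b in blocks
            if _effective(b, glob, "proxypreservehost") == "on"
            for d in ("proxypass", "proxypassmatch")
            for args in b["directives"].get(d, [])
            for arg in args if re.match(r"h2c?://", arg, re.I)]


def audit(conf_text):
    blocks = parse_httpd_conf(conf_text)
    return {"CVE-2024-47252": check_ssl_log_items(blocks),
            "CVE-2025-23048": check_tls13_resumption_bypass(blocks),
            "CVE-2025-49630": check_h2_proxy_preserve_host(blocks)}


if __name__ == "__main__":
    for cve, hits in audit(SAMPLE_CONF).items():
        print(cve, "->", hits or "no finding")
```

Feed it the output of `httpd -t -D DUMP_CONFIG` (or the concatenated configuration files) on a host still awaiting the HMC update; the first check is only informational, since the logged variable is not client-controllable in every format, while the other two identify the exact precondition each advisory names and confirm that setting `SSLStrictSNIVHostCheck on` and `ProxyPreserveHost Off` clears them.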
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: IBM Power Hardware Management Console (HMC): 10.3.1050.0
External links: https://www.ibm.com/support/pages/node/7252038
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.