SB2026012115 - Multiple vulnerabilities in IBM Voice Gateway
Published: January 21, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 vulnerabilities.
1) Interpretation conflict (CVE-ID: CVE-2025-12816)
CWE-ID: CWE-436 - Interpretation Conflict
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass downstream cryptographic verification and security decisions.
The vulnerability exists due to incorrect validation of ASN.1 structures within the asn1.validate() function in forge/lib/asn1.js. A remote non-authenticated attacker can use specially crafted ASN.1 structures to desynchronize DER schema validations and bypass downstream cryptographic verification and security decisions.
2) Inefficient regular expression complexity (CVE-ID: CVE-2025-5889)
CWE-ID: CWE-1333 - Inefficient Regular Expression Complexity
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
3) Link following (CVE-ID: CVE-2025-54798)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to modify data on the system.
The vulnerability exists due to an insecure link following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
4) Integer overflow (CVE-ID: CVE-2025-66030)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to integer overflow within the asn1.derToOid() function in forge/lib/asn1.js when parsing ASN.1 structures containing OIDs with oversized arcs. A remote attacker can construct a specially crafted ASN.1 object to spoof an OID and bypass downstream OID-based security decisions.
5) Uncontrolled recursion (CVE-ID: CVE-2025-66031)
CWE-ID: CWE-674 - Uncontrolled Recursion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion within the asn1.fromDer() function in forge/lib/asn1.js. A remote non-authenticated attacker can pass specially crafted deep ASN.1 structures to trigger unbounded recursive parsing and perform a denial of service attack.
Remediation
Install update from vendor's website.