CVE Alert: CVE-2025-1994 – IBM – Cognos Command Center

CVE-2025-1994

HIGH · No exploitation known

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function.

CVSS v3.1 (7.8)
AV LOCAL · AC LOW · PR LOW · UI NONE · S UNCHANGED
Vendor
IBM
Product
Cognos Command Center
Versions
10.2.4.1 | 10.2.5
CWE
CWE-242 Use of Inherently Dangerous Function
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published
2025-08-26T16:49:03.832Z
Updated
2025-08-26T17:35:50.942Z
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_command_center:10.2.5:*:*:*:*:*:*:*

AI Summary Analysis

Risk verdict

High risk: a local code-execution vulnerability in Cognos Command Center could allow a local user to run arbitrary code; there are no clear exploitation indicators at present, but remediation is urgently recommended.

Why this matters

The flaw enables full control over the hosting server if exploited, risking data exposure, integrity loss, and disruption of Cognos workflows. In enterprise deployments, an attacker with local access could install backdoors or pivot to adjacent systems within the same data centre or VLAN.

Most likely attack path

Exploitation is local with low attack complexity, low privileges required, and no user interaction. An adversary with a valid local account on the Cognos host could trigger code execution via unsafe deserialization, potentially leading to persistence or post-exploitation activity on the server. Lateral movement would rely on subsequent local footholds rather than broad network reach.
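To show what CWE-242 means for BinaryFormatter concretely, here is an added illustration (generic .NET code, not IBM's or Cognos Command Center's own): the inherently dangerous pattern beside a stopgap binder and the preferred replacement. The `JobState` type and `JobStateStore` class are assumed names for the illustration.

```csharp
// Added example, not Cognos code. "Before" requires
// <EnableUnsafeBinaryFormatterSerialization>true</EnableUnsafeBinaryFormatterSerialization>
// on .NET 5+ (removed entirely in .NET 9); the other two methods need no such opt-in.
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json;

[Serializable]
public sealed class JobState
{
    public string Name { get; set; } = "";
    public int Retries { get; set; }
}

public static class JobStateStore
{
    // BEFORE (CWE-242): BinaryFormatter honours whatever type names the stream carries,
    // so a locally writable state file or IPC payload decides which types get instantiated.
    public static JobState LoadUnsafe(Stream s)
    {
        var formatter = new BinaryFormatter();
        return (JobState)formatter.Deserialize(s);
    }

    // STOPGAP: an allow-list binder rejects every type except the one expected.
    // Microsoft's guidance is that a binder reduces, but does not eliminate, the risk;
    // treat it as a bridge until the format itself is replaced.
    private sealed class AllowListBinder : SerializationBinder
    {
        public override Type BindToType(string assemblyName, string typeName)
        {
            if (typeName == typeof(JobState).FullName)
                return typeof(JobState);
            throw new SerializationException($"Type not allowed: {typeName}");
        }
    }

    public static JobState LoadWithBinder(Stream s)
    {
        var formatter = new BinaryFormatter { Binder = new AllowListBinder() };
        return (JobState)formatter.Deserialize(s);
    }

    // PREFERRED: a serializer that never resolves types from the payload.
    public static JobState LoadSafe(Stream s)
    {
        using var reader = new StreamReader(s);
        return JsonSerializer.Deserialize<JobState>(reader.ReadToEnd())
               ?? throw new InvalidDataException("empty payload");
    }
}
```

The binder variant throws a `SerializationException` (a useful log signal, see the detection ideas below) on any unexpected type; the JSON variant removes the type-resolution surface altogether.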

Who is most exposed

Organisations running Cognos Command Center servers (especially in data centres or cloud-hosted IaaS with exposed admin interfaces) are at greatest risk, particularly where local access controls are weak or where service accounts have broad privileges.

Detection ideas

  • Unusual process trees originating from Cognos Command Center with elevated rights
  • Signs of deserialization activity or new binaries loaded into the Cognos process
  • Unexpected service creation or credential misuse on the Cognos host
  • Anomalous logon events or privilege-escalation attempts from local accounts
  • Deserialization-related exceptions in application logs

Mitigation and prioritisation

  • Apply IBM fixes: upgrade to Cognos Command Center 10.2.5 FP1 IF1 via Fix Central
  • Enforce least privilege for Cognos services; restrict interactive logon and limit local accounts
  • Segment networks and firewall Cognos hosts; limit access to trusted admin consoles
  • Enable enhanced logging for deserialization events and monitor for unusual process activity
  • Schedule patching in a test environment before production rollout; document change-control steps
