CVE-2025-1095 in Personal Communications
Summary
by MITRE • 04/08/2025
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged-in user on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows a low-privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
Analysis
by VulDB Data Team • 08/13/2025
The vulnerability identified as CVE-2025-1095 affects IBM Personal Communications versions 14 and 15, representing a critical local privilege escalation flaw within the Windows service component of this terminal emulation software. This vulnerability specifically targets the service's improper handling of access controls and privilege management, creating a pathway for unauthorized users to gain SYSTEM-level privileges on affected systems. The flaw manifests through a service that fails to properly validate user permissions, allowing any interactively logged-in user to execute commands with full administrative privileges. This represents a significant security regression since the vulnerability stems from an incomplete remediation of a previously disclosed issue, CVE-2024-25029, indicating that the initial fix was insufficient to address all attack vectors within the service implementation.
The technical exploitation of this vulnerability occurs through the Windows service component that IBM Personal Communications installs on target systems, where the service operates with elevated privileges but fails to implement proper access control mechanisms. When an attacker successfully leverages this flaw, they can execute arbitrary code in the NT AUTHORITY\SYSTEM context, effectively bypassing all standard Windows security controls and user access restrictions. The service's inadequate privilege checking allows for privilege escalation without requiring any additional attack vectors or complex exploitation techniques, making this vulnerability particularly dangerous in environments where multiple users have interactive access to systems. This type of vulnerability directly maps to CWE-269: "Improper Privilege Management" and falls under the ATT&CK techniques T1068: "Local Port Forwarding" and T1059: "Command and Scripting Interpreter" when exploited for privilege escalation.
The operational impact of CVE-2025-1095 extends beyond simple privilege escalation, as it provides attackers with complete system compromise capabilities and persistent access to sensitive data and network resources. Organizations running affected versions of IBM Personal Communications face significant risk of data breaches, system infiltration, and potential lateral movement within their networks, as the compromised system can serve as a launching point for further attacks. The vulnerability affects any system where IBM Personal Communications is installed and running, particularly impacting enterprise environments where multiple users may have interactive access to terminals or workstations. The incomplete nature of the previous fix for CVE-2024-25029 suggests that the underlying service architecture may contain additional security flaws that require comprehensive remediation. Organizations should immediately implement mitigations including disabling the vulnerable service, applying the latest IBM patches, and monitoring for unauthorized access attempts. The vulnerability's presence in widely deployed terminal emulation software means that many enterprise systems may be exposed to this risk, particularly those with legacy systems or environments where patch management processes are delayed or incomplete.