IBM Support

Remediation of CVE-2025-3355 and CVE-2025-3356

How To


Summary

The KT1 component of ITM/ITCAM Agents (hereafter referred to simply as Agents) provides the ability to read from and write to the local file system.
This facility is utilised by features such as the Self-Describing Agent (SDA), which ensures that updates to a product's application support files are automatically percolated throughout the ITM environment, avoiding the administrative overhead of performing the updates manually at each RTEMS, the Hub and TEPS.
KT1 is also utilised by the tacmd utility subcommands getFile, putFile and executeCommand, and by the ITCAM for Transactions T3 agent.

CVE-2025-3355 and CVE-2025-3356 suggest that the APIs could be exploited by a bad actor.
The vulnerability is avoided when an Agent is configured to use only TLS for communication.
This tech note explains how to configure the agents to use TLS and eliminate the vulnerability.

Document Location

Worldwide

Product: Tivoli Monitoring
Category: ITM Security Configuration/Certificate Management
Platform: Platform Independent
Version: 5.1.0; 5.1.1; 5.1.2; 6.1.0; 6.2.0; 6.2.1; 6.2.2; 6.2.3; 6.3.0; 8.1.0; 8.1.1; 8.1.2; 8.1.3; 8.1.4


Document Information

Modified date:
30 October 2025

UID

ibm17248049