IBM Support

IBM SPSS Modeler Updates Netty Components to Address Published CVEs in Versions 18.4, 18.5, 18.6, and 19.0

General Page

IBM SPSS Modeler includes Netty components that are affected by CVE-2024-47535 and CVE-2025-25193. Updated product builds are available for IBM SPSS Modeler versions 18.4, 18.5, 18.6, and 19.0 on Windows. This technote summarizes the issue, identifies affected versions and platforms, and provides verification details for the updated Netty runtime libraries.

Problem

A security review identified vulnerabilities affecting Netty libraries used by IBM SPSS Modeler. To address the reported CVEs, Netty components have been upgraded to version 4.1.119.Final across supported product releases.

The following CVEs are addressed:

  • CVE-2024-47535
  • CVE-2025-25193

Although the reported vulnerabilities primarily affect the netty-common library, IBM recommends updating the complete Netty component set to maintain compatibility and ensure a consistent runtime environment.

Affected Versions

  • IBM SPSS Modeler 18.4
  • IBM SPSS Modeler 18.5
  • IBM SPSS Modeler 18.6
  • IBM SPSS Modeler 19.0

Affected Platform

  • Windows

Prerequisites

  • IBM SPSS Modeler Client or IBM SPSS Modeler Server version 18.4, 18.5, 18.6, or 19.0 must be installed on Windows.
  • Stop all running instances of IBM SPSS Modeler and IBM SPSS Modeler Server before applying the update.
  • If IBM SPSS Modeler is configured to use a remote IBM SPSS Modeler Server, the update must be applied to both the client and server installations.

Verification Details

IBM SPSS Modeler 19.0 on Windows

Applies to

  • IBM SPSS Modeler Client 19.0
  • IBM SPSS Modeler Server 19.0

Installation Paths

  • <installation_path>\spark\jars
  • <installation_path>\spark\external-jars

Update the following Netty JAR files from 4.1.100.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop all running instances of IBM SPSS Modeler and IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in all installation paths listed above.
  5. Restart the application or server and verify that the updated JAR files are present.

IBM SPSS Modeler 18.6 on Windows

Applies to

  • IBM SPSS Modeler Client 18.6
  • IBM SPSS Modeler Server 18.6

Installation Path

  • <installation_path>\spark\jars

Update the following Netty JAR files from 4.1.108.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-socks
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop all running instances of IBM SPSS Modeler and IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart the application or server and verify that the updated JAR files are present.

IBM SPSS Modeler 18.5 on Windows

Applies to

  • IBM SPSS Modeler Client 18.5
  • IBM SPSS Modeler Server 18.5

Installation Path

  • <installation_path>\spark\jars

Update the following Netty JAR files from 4.1.100.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-socks
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common

Update Procedure

  1. Stop all running instances of IBM SPSS Modeler and IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart the application or server and verify that the updated JAR files are present.

IBM SPSS Modeler 18.4 on Windows

Applies to

  • IBM SPSS Modeler Client 18.4
  • IBM SPSS Modeler Server 18.4

Installation Path

  • <installation_path>\spark\jars

Update the following Netty JAR files from 4.1.77.Final to 4.1.119.Final:

  • netty-all
  • netty-buffer
  • netty-codec
  • netty-codec-dns
  • netty-codec-haproxy
  • netty-codec-http
  • netty-codec-http2
  • netty-codec-memcache
  • netty-codec-mqtt
  • netty-codec-redis
  • netty-codec-smtp
  • netty-codec-socks
  • netty-codec-stomp
  • netty-codec-xml
  • netty-common
  • netty-handler
  • netty-handler-proxy
  • netty-resolver
  • netty-resolver-dns
  • netty-resolver-dns-classes-macos
  • netty-resolver-dns-native-macos
  • netty-transport
  • netty-transport-classes-epoll
  • netty-transport-classes-kqueue
  • netty-transport-native-epoll
  • netty-transport-native-kqueue
  • netty-transport-native-unix-common
  • netty-transport-rxtx
  • netty-transport-sctp
  • netty-transport-udt

Update Procedure

  1. Stop all running instances of IBM SPSS Modeler and IBM SPSS Modeler Server.
  2. Back up the existing Netty JAR files.
  3. Download the corresponding version 4.1.119.Final JAR files from Maven Central.
  4. Replace the existing JAR files in the installation path listed above.
  5. Restart the application or server and verify that the updated JAR files are present.

Notes

  • For IBM SPSS Modeler 19.0, update the Netty JAR files in both the spark\jars and spark\external-jars directories.
  • For IBM SPSS Modeler 18.4, 18.5, and 18.6, update the Netty JAR files only in the spark\jars directory.
  • If IBM SPSS Modeler is configured to use a remote IBM SPSS Modeler Server, the update must be applied to both the client and server installations.
  • Replace only the Netty JAR files listed above. No other product files require modification.

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3RA7","label":"IBM SPSS Modeler"},"ARM Category":[{"code":"a8m3p0000006xr6AAA","label":"SPSS Modeler"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"18.4.0;18.5.0;18.6.0;19.0.0"}]

Document Information

Modified date:
15 June 2026

UID

ibm17276378

Page Feedback