CVE-2015-1925

IBM Tivoli Storage Manager FastBack < 6.1.12 - Stack-based Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-1925. PoCs published by damariion.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2015-1925, demonstrating a remote code execution (RCE) vulnerability. The exploit leverages a buffer overflow and ROP chain to bypass DEP/NX, delivering a reverse shell payload.

Description

Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.

Exploits (2)

nomisec WORKING POC
by damariion · poc
https://github.com/damariion/CVE-2015-1925.RCE

This repository contains a functional exploit for CVE-2015-1925, demonstrating a remote code execution (RCE) vulnerability. The exploit leverages a buffer overflow and ROP chain to bypass DEP/NX, delivering a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Unknown (likely a proprietary or legacy application given the port 11460 and custom protocol)
No auth needed
Prerequisites: Network access to the target on port 11460 · Target application must be vulnerable to the buffer overflow
devstral-2 · analyzed Apr 10, 2026 Full analysis →
nomisec WORKING POC
by damariion · poc
https://github.com/damariion/CVE-2015-1925

This repository contains a functional exploit for CVE-2015-1925, demonstrating a buffer overflow vulnerability in the target software. The exploit includes a ROP chain to bypass DEP/NX and a reverse shell payload, indicating a well-developed proof-of-concept.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Unknown (CVE-2015-1925)
No auth needed
Prerequisites: Network access to the target on port 11460
devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032773
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75449
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21959398
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-266

Scores

EPSS 0.0328
EPSS Percentile 86.8%

Details

CWE
CWE-119
Status published
Products (11)
ibm/tivoli_storage_manager_fastback 6.1.0.0
ibm/tivoli_storage_manager_fastback 6.1.1.0
ibm/tivoli_storage_manager_fastback 6.1.7.2
ibm/tivoli_storage_manager_fastback 6.1.8.0
ibm/tivoli_storage_manager_fastback 6.1.8.1
ibm/tivoli_storage_manager_fastback 6.1.9.0
ibm/tivoli_storage_manager_fastback 6.1.9.1
ibm/tivoli_storage_manager_fastback 6.1.10.0
ibm/tivoli_storage_manager_fastback 6.1.10.1
ibm/tivoli_storage_manager_fastback 6.1.11.0
... and 1 more
Published Jun 30, 2015
Tracked Since Feb 18, 2026