CVE-2025-33135: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities

Published Feb 9, 2026
·
Updated

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Other sources

The jackson-core package is vulnerable to a Denial of Service (DoS) attack. The methods in the classes listed below fail to restrict input size when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values. Deserializing many of the aforementioned objects may cause the application to exhaust all available resources, resulting in a DoS condition.

IBM

Affected Software

2 affected components
IBM Financial Transaction Manager for ACH Services and Check Services>=3.0.0.0<=3.0.5.4
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform<=3.0.0.0 - 3.0.5.4 iFix 27

Remediation

Information

IBM strongly recommends addressing the vulnerability now. Affected Product(s) Resolved by VRMF Remediation / First Fix IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.5.4 iFix 28 FTM 3.0.5.4 iFix 28

Event History

Feb 9, 2026
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Feb 17, 2026
CVE Published
via MITRE·09:37 PM
Data Sourced
via MITRE·09:37 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·10:18 PM
DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-33135?

CVE-2025-33135 has been assigned a severity rating that indicates a high impact on the confidentiality, integrity, and availability of the impacted systems.

2

How do I fix CVE-2025-33135?

To fix CVE-2025-33135, upgrade IBM Financial Transaction Manager for ACH Services and Check Services to the latest version that addresses this vulnerability.

3

Which versions of IBM Financial Transaction Manager are affected by CVE-2025-33135?

CVE-2025-33135 affects versions from 3.0.0.0 to 3.0.5.4 Interim Fix 027 of IBM Financial Transaction Manager for ACH Services and Check Services.

4

What are the potential risks of CVE-2025-33135?

The risks associated with CVE-2025-33135 include unauthorized access to financial transaction data and potential disruption of service.

5

Is there a known exploit for CVE-2025-33135?

As of now, there are no publicly known exploits specific to CVE-2025-33135, but the vulnerabilities should be taken seriously and addressed promptly.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203