CVE-2025-33108
BaseFortify
Publication date: 2025-06-14
Last updated on: 2025-08-20
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.4 |
| ibm | i | 7.5 |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | |
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Backup, Recovery, and Media Services (BRMS) for IBM i versions 7.4 and 7.5 is caused by an unqualified library call within a BRMS program. It allows a user who can compile or restore a program to gain elevated privileges. A malicious actor could exploit this flaw to execute user-controlled code with component-level access to the host operating system, leading to unauthorized execution with higher privileges than intended. [1]
How can this vulnerability impact me?
The vulnerability can allow an attacker with limited privileges to execute arbitrary code on the host operating system with elevated privileges. This can lead to unauthorized access, modification, or deletion of sensitive data, disruption of system availability, and compromise of system integrity, potentially causing significant harm to the affected environment. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the Program Temporary Fixes (PTFs) provided by IBM for IBM i releases 7.4 and 7.5. Specifically, apply PTF SJ05906 for version 7.4 and PTF SJ05907 for version 7.5 promptly to remediate the vulnerability. No workarounds or alternative mitigations are provided. [1]