CVE-2025-33122
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-07-03
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.2 |
| ibm | i | 7.3 |
| ibm | i | 7.4 |
| ibm | i | 7.5 |
| ibm | i | 7.6 |
| ibm | i | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in IBM Advanced Job Scheduler for IBM i versions 7.2 through 7.6. It allows a user who can compile or restore a program to gain elevated privileges due to an unqualified library call (CWE-427). A malicious actor could exploit this to execute user-controlled code with administrator-level privileges. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker with low privileges to execute code with administrator privileges remotely, potentially compromising confidentiality, integrity, and availability of the affected system. This could lead to unauthorized access, data breaches, or disruption of services. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the Program Temporary Fix (PTF) identified as SJ05929 for the 5770-JS1 product on all affected IBM i versions (7.2 through 7.6). IBM strongly recommends upgrading unsupported versions to supported and fixed versions. No other workarounds or mitigations are available aside from applying this PTF. [1]