CVE-2025-3473
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-08-13
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | guardium_data_protection | 11.5 |
| ibm | guardium_data_protection | 12.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-277 | A product defines a set of insecure permissions that are inherited by objects that are created by the program. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Security Guardium 12.1 involves insecure inherited permissions created by the software. It allows a local privileged user to escalate their privileges to root, meaning they can gain full control over the system. The issue is classified as CWE-277: Insecure Inherited Permissions. [1]
How can this vulnerability impact me?
An attacker with local privileged access could exploit this vulnerability to gain root-level privileges, leading to full control over the affected system. This can result in high impacts on confidentiality, integrity, and availability of data and system resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to promptly update IBM Guardium Data Protection to version 12.1 where the fix has been released. No workarounds or other mitigations are available. [1]