CVE-2025-12985
Privilege Escalation in IBM Licensing Operator via Misconfigured Permissions
Publication date: 2026-01-20
Last updated on: 2026-01-20
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | license_service | 4.2.18 |
| ibm | license_metric_tool | 9.0.0 |
| ibm | license_metric_tool | 9.0.1 |
| ibm | license_metric_tool | 9.1.0 |
| ibm | license_metric_tool | 9.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12985 is a high-severity privilege escalation vulnerability in the IBM Licensing Operator. It occurs because the operator incorrectly assigns permissions to security-critical files, such as /etc/passwd, giving them read-write group privileges. This misconfiguration allows a local attacker inside a container running the IBM Licensing Operator image to escalate their privileges to root. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker within a container running the IBM Licensing Operator image to gain root privileges. This means the attacker could fully control the container environment, potentially leading to unauthorized access, data manipulation, or disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the permissions of security-critical files such as /etc/passwd inside the container running the IBM Licensing Operator image. Specifically, look for incorrect group read-write permissions on /etc/passwd. For example, run the command: ls -l /etc/passwd and verify if the group permissions include write access (e.g., -rw-rw-r--). If such permissions are present, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade the IBM License Service to version 4.2.18 or later, where the issue has been fixed. Additionally, review and correct the permissions of critical files like /etc/passwd inside the container to remove inappropriate group write permissions. [1]