CVE-2025-12985
Unknown Unknown - Not Provided
Privilege Escalation in IBM Licensing Operator via Misconfigured Permissions

Publication date: 2026-01-20

Last updated on: 2026-01-20

Assigner: IBM Corporation

Description
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-01-20
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12985
EUVD
EUVD-2026-3430
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
ibm license_service 4.2.18
ibm license_metric_tool 9.0.0
ibm license_metric_tool 9.0.1
ibm license_metric_tool 9.1.0
ibm license_metric_tool 9.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12985 is a high-severity privilege escalation vulnerability in the IBM Licensing Operator. It occurs because the operator incorrectly assigns permissions to security-critical files, such as /etc/passwd, giving them read-write group privileges. This misconfiguration allows a local attacker inside a container running the IBM Licensing Operator image to escalate their privileges to root. [1]

Impact Analysis

This vulnerability can allow a local attacker within a container running the IBM Licensing Operator image to gain root privileges. This means the attacker could fully control the container environment, potentially leading to unauthorized access, data manipulation, or disruption of services. [1]

Detection Guidance

You can detect this vulnerability by checking the permissions of security-critical files such as /etc/passwd inside the container running the IBM Licensing Operator image. Specifically, look for incorrect group read-write permissions on /etc/passwd. For example, run the command: ls -l /etc/passwd and verify if the group permissions include write access (e.g., -rw-rw-r--). If such permissions are present, the system is vulnerable. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade the IBM License Service to version 4.2.18 or later, where the issue has been fixed. Additionally, review and correct the permissions of critical files like /etc/passwd inside the container to remove inappropriate group write permissions. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12985. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart