CVE-2025-12985
Unknown Unknown - Not Provided

Privilege Escalation in IBM Licensing Operator via Misconfigured Permissions

Vulnerability report for CVE-2025-12985, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-20

Last updated on: 2026-01-20

Assigner: IBM Corporation

Description

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-20
Last Modified
2026-01-20
Generated
2026-07-06
AI Q&A
2026-01-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
ibm license_service 4.2.18
ibm license_metric_tool 9.0.0
ibm license_metric_tool 9.0.1
ibm license_metric_tool 9.1.0
ibm license_metric_tool 9.2.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-12985 is a high-severity privilege escalation vulnerability in the IBM Licensing Operator. It occurs because the operator incorrectly assigns permissions to security-critical files, such as /etc/passwd, giving them read-write group privileges. This misconfiguration allows a local attacker inside a container running the IBM Licensing Operator image to escalate their privileges to root. [1]

Impact Analysis

This vulnerability can allow a local attacker within a container running the IBM Licensing Operator image to gain root privileges. This means the attacker could fully control the container environment, potentially leading to unauthorized access, data manipulation, or disruption of services. [1]

Detection Guidance

You can detect this vulnerability by checking the permissions of security-critical files such as /etc/passwd inside the container running the IBM Licensing Operator image. Specifically, look for incorrect group read-write permissions on /etc/passwd. For example, run the command: ls -l /etc/passwd and verify if the group permissions include write access (e.g., -rw-rw-r--). If such permissions are present, the system is vulnerable. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade the IBM License Service to version 4.2.18 or later, where the issue has been fixed. Additionally, review and correct the permissions of critical files like /etc/passwd inside the container to remove inappropriate group write permissions. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12985. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart