IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
Fixes

Solution

The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed. The IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability. IBM i Release 5770-TC1 PTF Number PTF Download Link 7.6 SJ05513 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513 7.5 SJ05494 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494 7.4 SJ05505 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505 7.3 SJ05514 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514 7.2 SJ05525 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525


Workaround

No workaround given by the vendor.

History

Wed, 04 Jun 2025 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 17 May 2025 16:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
Title IBM i privilege escalation
First Time appeared Ibm
Ibm i
Weaknesses CWE-250
CPEs cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-26T15:06:05.252Z

Reserved: 2025-04-15T17:50:40.774Z

Link: CVE-2025-33103

cve-icon Vulnrichment

Updated: 2025-05-19T14:40:20.489Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-17T16:15:18.953

Modified: 2025-06-04T20:12:06.793

Link: CVE-2025-33103

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.