Description
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
Published: 2025-07-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3. and 7.2 will be addressed. The IBM i 5770-SS1 PTF numbers listed below resolve the vulnerability. 7.6SJ05809 SJ05810 SJ05837 SJ05960 SJ06021 SJ06219 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05809 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05810 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05837 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05960 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06021 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06219 7.5SJ05838 SJ05847 SJ05850 SJ05851 SJ05953 SJ06022 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05838 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05847 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05850 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05851 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05953 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06022 7.4SJ05839 SJ05846 SJ05852 SJ05853 SJ05959 SJ06023 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05839 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05846 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05852 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05853 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05959 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06023 7.3SJ05840 SJ05845 SJ05854 SJ05855 SJ05966 SJ06477 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05840 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05845 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05854 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05855 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05966 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06477 7.2SJ05842 SJ05844 SJ05856 SJ05857 SJ05965 SJ06478 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05842 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05844 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05856 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05857 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05965 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06478

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-22521 IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
History

Sat, 28 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 18 Aug 2025 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*

Mon, 11 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Thu, 24 Jul 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm
Ibm i
Vendors & Products Ibm
Ibm i

Thu, 24 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
Title IBM i privilege escalation
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm I
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-02-26T17:50:15.484Z

Reserved: 2025-04-15T17:50:49.744Z

Link: CVE-2025-33109

cve-icon Vulnrichment

Updated: 2025-07-24T19:48:35.874Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-24T15:15:25.927

Modified: 2025-08-11T18:57:22.260

Link: CVE-2025-33109

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-24T21:26:38Z

Weaknesses