IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
Fixes

Solution

The issue can be addressed by applying PTFs to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2 will be addressed. The IBM i 5770-SS1 PTF numbers listed below resolve the vulnerability.

7.6: SJ05809 SJ05810 SJ05837 SJ05960 SJ06021 SJ06219
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05809
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05810
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05837
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05960
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06021
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06219

7.5: SJ05838 SJ05847 SJ05850 SJ05851 SJ05953 SJ06022
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05838
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05847
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05850
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05851
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05953
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06022

7.4: SJ05839 SJ05846 SJ05852 SJ05853 SJ05959 SJ06023
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05839
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05846
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05852
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05853
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05959
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06023

7.3: SJ05840 SJ05845 SJ05854 SJ05855 SJ05966 SJ06477
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05840
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05845
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05854
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05855
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05966
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06477

7.2: SJ05842 SJ05844 SJ05856 SJ05857 SJ05965 SJ06478
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05842
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05844
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05856
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05857
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05965
https://www.ibm.com/mysupport/s/fix-information?legacy=SJ06478


Workaround

No workaround given by the vendor.

History

Mon, 18 Aug 2025 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*

Mon, 11 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*

Thu, 24 Jul 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Ibm
Ibm i
Vendors & Products Ibm
Ibm i

Thu, 24 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 24 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Description IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions.
Title IBM i privilege escalation
Weaknesses CWE-250
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-18T01:28:18.727Z

Reserved: 2025-04-15T17:50:49.744Z

Link: CVE-2025-33109

Vulnrichment

Updated: 2025-07-24T19:48:35.874Z

NVD

Status: Analyzed

Published: 2025-07-24T15:15:25.927

Modified: 2025-08-11T18:57:22.260

Link: CVE-2025-33109

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-24T21:26:38Z