Vulnerability Details
Basic Information
| Title | Security Bulletin: Incorrect permission of environment variable (CVE-2025-1950) affects Power HMC |
|---|---|
| Type | ibm |
| Published | 2025-04-24T16:42:31 |
| Last Seen | 2025-04-24T18:56:28 |
| CVSS Score | 9.3 (CRITICAL) |
CVSS v3 Details
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-1950 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
The vulnerability is due to incorrect permissions on an environment variable, which results in privilege escalation on the Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
## Vulnerability Details
**CVEID:** CVE-2025-1950
**DESCRIPTION:** IBM Hardware Management Console – Power Systems could allow a local user to execute commands locally due to improper validation of libraries from an untrusted source.
**CWE:** CWE-114: Process Control
**CVSS Source:** IBM
**CVSS Base score:** 9.3
**CVSS Vector:** (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
## Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| HMC V10.2.1030.0 | V10.2.1030.0 |
| HMC V10.3.1050.0 | V10.3.1050.0 |
## Remediation/Fixes
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
| Product | VRMF | APAR | Remediation/Fix |
|---|---|---|---|
| Power HMC | V10.2.1040.0 SP3 x86 | MB04482 | MF71717 |
| Power HMC | V10.2.1040.0 SP3 ppc | MB04483 | MF71718 |
| Power HMC | V10.3.1060.0 SP1 x86 | MB04484 | MF71719 |
| Power HMC | V10.3.1060.0 SP1 ppc | MB04485 | MF71720 |
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 9.3 |
|---|---|
| Severity | CRITICAL |