License Service: Privilege escalation vulnerability_CVE-2025-12985

8.4 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

Basic Information

ID CVE-2025-12985

Source ibm

Published Jan 20, 2026 at 14:50

Modified Jan 20, 2026 at 15:10

Affected Product

Vendor IBM

Product IBM Licensing Operator

Version 9.0.0

Affected Versions IBM IBM Licensing Operator 9.0.0
IBM IBM Licensing Operator 9.0.1
IBM IBM Licensing Operator 9.1.0
IBM IBM Licensing Operator 9.2.0

CWE Classification

CWE-732

References

www.ibm.com /support/pages/license-service-privilege-escalation-vulnerability

{
    "lastseen": "",
    "description": "IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.",
    "published": "2026-01-20T14:50:51.912Z",
    "modified": "2026-01-20T15:10:40.350Z",
    "type": "cve",
    "title": "License Service: Privilege escalation vulnerability",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/license-service-privilege-escalation-vulnerability",
    "id": "CVE-2025-12985",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "IBM IBM Licensing Operator 9.0.0\nIBM IBM Licensing Operator 9.0.1\nIBM IBM Licensing Operator 9.1.0\nIBM IBM Licensing Operator 9.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IBM Licensing Operator",
    "version": "9.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}