Vulnerability Details
Basic Information
| Title | Security Bulletin: Vulnerability in HMC affects further privilege escalation (CVE-2025-1951) on Power HMC. |
|---|---|
| Type | ibm |
| Published | 2025-04-22T15:51:56 |
| Last Seen | 2025-04-22T18:56:24 |
| CVSS Score | 8.4 (HIGH) |
CVSS v3 Details
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-1951 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
Vulnerability in HMC affects further privilege escalation on Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
## Vulnerability Details
**CVEID:**CVE-2025-1951
**DESCRIPTION:** IBM Hardware Management Console – Power Systems could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
**CWE:**CWE-250: Execution with Unnecessary Privileges
**CVSS Source:** IBM
**CVSS Base score:** 8.4
**CVSS Vector:**(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
HMC V10.2.1030.0| V10.2.1030.0
HMC V10.3.1050.0| V10.3.1050.0
## Remediation/Fixes
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product | VRMF | APAR | Remediation/Fix
—|—|—|—
Power HMC | V10.2.1040.0 SP3 x86 | MB04482 | MF71717
Power HMC | V10.2.1040.0 SP3 ppc | MB04483 | MF71718
Power HMC | V10.3.1060.0 SP1 x86 | MB04484 | MF71719
Power HMC | V10.3.1060.0 SP1 ppc | MB04485 | MF71720
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 8.4 |
|---|---|
| Severity | HIGH |