{"id":647,"date":"2025-04-19T11:00:03","date_gmt":"2025-04-19T11:00:03","guid":{"rendered":"http:\/\/localhost\/?p=647"},"modified":"2025-04-19T11:00:03","modified_gmt":"2025-04-19T11:00:03","slug":"security-bulletin-ibm-i-is-vulnerable-to-a-privilege-escalation-due-to-incorrect-profile-swapping-in","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=647","title":{"rendered":"Security Bulletin: IBM i is vulnerable to a privilege escalation due to incorrect profile swapping in an OS command [CVE-2025-2947]."},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: IBM i is vulnerable to a privilege escalation due to incorrect profile swapping in an OS command [CVE-2025-2947].<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-17T16:59:03<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-17T19:08:23<\/td>\n<\/tr>\n
CVSS Score<\/th>\n7.2 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nHIGH<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-2947<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM i contains a privilege escalation vulnerability due to incorrect swapping in an OS command as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation\/fixes section.<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2025-2947
\n**DESCRIPTION:** IBM i contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
\n**CWE:**CWE-278: Insecure Preserved Inherited Permissions
\n**CVSS Source:** IBM
\n**CVSS Base score:** 7.2
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/p>\n

## Affected Products and Versions<\/p>\n

Affected Product(s)| Version(s)
\n—|—
\nIBM i| 7.6 <\/p>\n

## Remediation\/Fixes<\/p>\n

The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6 will be fixed.<\/p>\n

The IBM i 5770-SS1 PTF number listed below resolves the vulnerability. <\/p>\n

IBM i Release| 5770-SS1
\nPTF Number| PTF Download Link
\n—|—|—
\n7.6| SJ04908 | https:\/\/www.ibm.com\/mysupport\/s\/fix-information?legacy=SJ04908 <\/p>\n

https:\/\/www.ibm.com\/support\/fixcentral<\/p>\n

_Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._<\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n7.2<\/td>\n<\/tr>\n
Severity<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n