{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-33103", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T17:50:40.774Z", "datePublished": "2025-05-17T16:02:29.639Z", "dateUpdated": "2025-05-20T03:55:14.546Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5, 7.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system."}], "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-17T16:02:29.639Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7233799"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.<br>The IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.<br><br>IBM i Release 5770-TC1<br>PTF Number PTF Download Link<br>7.6 SJ05513 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513</a><br>7.5 SJ05494 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494</a><br>7.4 SJ05505 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505</a><br>7.3 SJ05514 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514</a><br>7.2 SJ05525 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525</a><br>"}], "value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.\nThe IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.\n\nIBM i Release 5770-TC1\nPTF Number PTF Download Link\n7.6 SJ05513 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513 \n7.5 SJ05494 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494 \n7.4 SJ05505 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505 \n7.3 SJ05514 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514 \n7.2 SJ05525 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-33103"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T03:55:14.546Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-19T14:40:13.207409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T14:40:20.489Z"}}], "cna": {"title": "IBM i privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5, 7.6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.\nThe IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.\n\nIBM i Release 5770-TC1\nPTF Number PTF Download Link\n7.6 SJ05513 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513 \n7.5 SJ05494 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494 \n7.4 SJ05505 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505 \n7.3 SJ05514 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514 \n7.2 SJ05525 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525", "supportingMedia": [{"type": "text/html", "value": "The issue can be addressed by applying a PTF to IBM i. IBM i release 7.6, 7.5, 7.4, 7.3, 7.2 will be fixed.<br>The IBM i 5770-TC1 PTF numbers listed below resolve the vulnerability.<br><br>IBM i Release 5770-TC1<br>PTF Number PTF Download Link<br>7.6 SJ05513 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05513</a><br>7.5 SJ05494 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05494</a><br>7.4 SJ05505 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05505</a><br>7.3 SJ05514 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05514</a><br>7.2 SJ05525 <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525\">https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05525</a><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7233799", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.", "supportingMedia": [{"type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-05-17T16:02:29.639Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33103", "state": "PUBLISHED", "dateUpdated": "2025-05-20T03:55:14.546Z", "dateReserved": "2025-04-15T17:50:40.774Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-05-17T16:02:29.639Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "AFFF96C2-7E0F-4DF9-AF51-3EE357D51095", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system."}, {"lang": "es", "value": "Las utilidades de conectividad TCP/IP de IBM para i, producto de IBM i 7.2, 7.3, 7.4, 7.5 y 7.6, contienen una vulnerabilidad de escalada de privilegios. Un agente malicioso con acceso de l\u00ednea de comandos al sistema operativo host puede elevar los privilegios para obtener acceso root al sistema operativo host."}], "id": "CVE-2025-33103", "lastModified": "2025-06-04T20:12:06.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-17T16:15:18.953", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7233799"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}