CVE-2025-33122

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7237040	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:i:7.2:::::::*
	cpe:2.3:a:ibm:i:7.3:::::::*
	cpe:2.3:a:ibm:i:7.4:::::::*
	cpe:2.3:a:ibm:i:7.5:::::::*
	cpe:2.3:a:ibm:i:7.6:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

History

03 Jul 2025, 20:53

Type	Values Removed	Values Added
Summary		(es) IBM i 7.2, 7.3, 7.4, 7.5 y 7.6 podría permitir que un usuario obtenga privilegios elevados debido a una llamada de librería no cualificada en IBM Advanced Job Scheduler para i. Un agente malicioso podría provocar que código controlado por el usuario se ejecute con privilegios de administrador.
References	~~() https://www.ibm.com/support/pages/node/7237040 -~~	() https://www.ibm.com/support/pages/node/7237040 - Vendor Advisory
CPE		cpe:2.3:a:ibm:i:7.5:::::::* cpe:2.3:a:ibm:i:7.3:::::::* cpe:2.3:a:ibm:i:7.6:::::::* cpe:2.3:a:ibm:i:7.4:::::::* cpe:2.3:a:ibm:i:7.2:::::::* cpe:2.3:o:ibm:i:-:::::::*
First Time		Ibm i Ibm

17 Jun 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 18:15

Updated : 2025-07-03 20:53

NVD link : CVE-2025-33122

Mitre link : CVE-2025-33122

CVE.ORG link : CVE-2025-33122

JSON object : View

Products Affected

ibm

i

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-33122", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-06-17T18:15:25.580", "references": [{"url": "https://www.ibm.com/support/pages/node/7237040", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege."}, {"lang": "es", "value": "IBM i 7.2, 7.3, 7.4, 7.5 y 7.6 podr\u00eda permitir que un usuario obtenga privilegios elevados debido a una llamada de librer\u00eda no cualificada en IBM Advanced Job Scheduler para i. Un agente malicioso podr\u00eda provocar que c\u00f3digo controlado por el usuario se ejecute con privilegios de administrador."}], "lastModified": "2025-07-03T20:53:32.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E41BD05-37B8-4494-9344-506D4BCF43C2"}, {"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1"}, {"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE"}, {"criteria": "cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88B74622-BDB2-43AE-A91F-FADEC4B64B4F"}, {"criteria": "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C189EC3-7D9F-4303-BB5C-1013FAE59B1E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}