CVE-2024-25050

8.4 HIGH

📋 TL;DR

This vulnerability in IBM i and IBM Rational Development Studio for i allows a local user to execute arbitrary code with administrator privileges due to an unqualified library call. It affects IBM i versions 7.2 through 7.5 and corresponding Rational Development Studio versions. Attackers could gain complete system control on vulnerable systems.

💻 Affected Systems

Products:
  • IBM i
  • IBM Rational Development Studio for i
Versions: 7.2, 7.3, 7.4, 7.5
Operating Systems: IBM i (OS/400)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both the operating system and development environment. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where a local attacker gains administrator privileges, enabling data theft, system modification, persistence, and lateral movement.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, access sensitive data, and install malware.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and privilege separation is enforced.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local attackers or compromised accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but appears straightforward based on the CWE-427 description of unqualified library calls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the IBM i Group PTF for your release:
  • 7.2: SF99738 Level 38 or later
  • 7.3: SF99739 Level 35 or later
  • 7.4: SF99740 Level 28 or later
  • 7.5: SF99741 Level 12 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7149616

Restart Required: Yes

Instructions:

1. Check current PTF levels using DSPPTF.
2. Apply the required Group PTF for your IBM i version.
3. Restart the system as required.
4. For Rational Development Studio, apply the corresponding fixes from IBM support.

🔧 Temporary Workarounds

Restrict local user access (applies to: all)

Limit local user accounts and implement strict access controls to reduce the attack surface.

Implement privilege separation (applies to: all)

Ensure users run with the minimum necessary privileges using IBM i security features.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor for suspicious privilege escalation attempts and unauthorized library calls

🔍 How to Verify

Check if Vulnerable:

Check the IBM i release and installed PTFs with the DSPPTF command, and verify whether the required Group PTF levels are installed.

Check Version:

DSPPTF (Display PTF) command on IBM i

Verify Fix Applied:

After patching, verify PTF installation with 'DSPPTF' and ensure the system is at the required Group PTF level or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual library calls from user accounts
  • Privilege escalation attempts
  • Unauthorized administrative actions

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for privilege escalation events, unexpected library loads, or administrative actions from non-admin accounts
