CVE-2025-33004

6.5 MEDIUM

📋 TL;DR

This vulnerability in IBM Planning Analytics Local allows a privileged user to delete files outside the directories they are meant to access, because the application does not properly restrict the pathname of a file-deletion request. It affects IBM Planning Analytics Local versions 2.0 and 2.1. The root cause is insufficient validation of user-supplied file paths, which permits directory traversal (for example, `..` segments that resolve outside the intended directory).

💻 Affected Systems

Products:
  • IBM Planning Analytics Local
Versions: 2.0 and 2.1
Operating Systems: Not OS-specific - affects the application itself
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where privileged users exist. Requires authenticated privileged access to Planning Analytics.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious privileged user could delete critical system files, configuration files, or application data, potentially causing service disruption, data loss, or system compromise.

🟠 Likely Case

Privileged users could delete application-specific files, logs, or temporary data, disrupting Planning Analytics functionality or causing data integrity issues.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to authorized users misusing their privileges within the application's data directories.

🌐 Internet-Facing: LOW - This requires authenticated privileged access, making internet-facing exploitation unlikely unless combined with other vulnerabilities.
🏢 Internal Only: MEDIUM - Internal privileged users could exploit this, but requires legitimate elevated credentials within the Planning Analytics environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple path traversal techniques could be used by privileged users.

Exploitation requires existing privileged credentials. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the fix as described in the IBM Security Bulletin

Vendor Advisory: https://www.ibm.com/support/pages/node/7235182

Restart Required: Yes

Instructions:

1. Review the IBM Security Bulletin.
2. Apply the recommended fix from IBM.
3. Restart Planning Analytics services.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Restrict Privileged Access

Limit the number of users with privileged access to Planning Analytics to only those who absolutely need it.

Implement File System Monitoring

Monitor for unauthorized file deletion attempts in Planning Analytics directories.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for Planning Analytics users
  • Enable detailed auditing of file operations within Planning Analytics directories

🔍 How to Verify

Check if Vulnerable:

Check if running IBM Planning Analytics Local version 2.0 or 2.1. Review user privilege assignments.

Check Version:

Check the Planning Analytics version through the administration console or the configuration files.

Verify Fix Applied:

Verify the fix has been applied by checking version or consulting IBM's verification guidance in the security bulletin.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in Planning Analytics logs
  • Multiple failed file access attempts followed by successful deletions

Network Indicators:

  • Unusual patterns of administrative access to Planning Analytics

SIEM Query:

Search for 'file delete' or 'directory traversal' events in Planning Analytics application logs originating from privileged users; pay particular attention to deletion targets that resolve outside the application's data directories.
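The TL;DR attributes the flaw to file paths that are not confined to an allowed directory, and the detection section asks for deletion events from privileged users to be reviewed. The following added example (written for this page, not code from IBM or from Planning Analytics) shows both halves from the defender's side: a path-containment check of the kind the application should have applied before deleting, contrasted with the string-prefix check that traversal defeats, and a small scanner that applies the same containment test to file-deletion audit records. The base directory `/srv/pa_data`, the `user=... op=... path=...` log format and the user names are constructed for the example and are not Planning Analytics' own.

```python
import os
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Constructed base directory for the example; not an IBM or Planning Analytics path.
EXAMPLE_BASE_DIR = "/srv/pa_data"


def naive_prefix_check(base_dir: str, user_path: str) -> bool:
    """The kind of check that leaves traversal open: a raw string-prefix test.
    '/srv/pa_data/../../etc/hosts' starts with the base yet resolves outside it,
    and '/srv/pa_data_backup' passes as well although it is a sibling directory."""
    return user_path.startswith(base_dir)


def resolve_inside_base(base_dir: str, user_path: str) -> Optional[str]:
    """Return the canonical absolute path if user_path stays strictly inside
    base_dir, otherwise None. realpath() collapses '..' and duplicate separators
    and follows symlinks on a live filesystem, which is exactly the step the
    naive prefix test skips."""
    base = os.path.realpath(base_dir)
    # Join first so a relative path is evaluated against the base directory,
    # not the process working directory. An absolute user_path replaces the
    # base in os.path.join, so it is still judged by the containment test below.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        # commonpath compares path components, so a sibling such as
        # '/srv/pa_data_backup' is correctly rejected.
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # different drives on Windows: cannot be inside
        return None
    if candidate == base:  # the base directory itself is not a deletable target
        return None
    return candidate


def safe_delete(base_dir: str, user_path: str, unlink=os.unlink) -> bool:
    """Delete only when the resolved target is inside base_dir. `unlink` is
    injectable so the logic can be exercised without touching a real filesystem."""
    target = resolve_inside_base(base_dir, user_path)
    if target is None:
        return False
    unlink(target)
    return True


# Constructed audit records in a generic format (not Planning Analytics' real log format).
CONSTRUCTED_AUDIT_LINES = [
    "2025-05-02T10:14:03Z user=pa_admin op=DELETE path=/srv/pa_data/reports/old_q4.csv result=OK",
    "2025-05-02T10:14:05Z user=pa_admin op=READ path=/srv/pa_data/reports/q1.csv result=OK",
    "2025-05-02T10:15:11Z user=pa_admin op=DELETE path=/srv/pa_data/../../etc/hosts result=OK",
    "2025-05-02T10:15:40Z user=pa_admin op=DELETE path=/srv/pa_data_backup/archive.zip result=OK",
    "2025-05-02T10:16:02Z user=analyst7 op=DELETE path=../../../var/log/app.log result=DENIED",
]

AUDIT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) op=(?P<op>\w+) path=(?P<path>\S+) result=(?P<result>\w+)$"
)


def flag_escaping_deletions(lines: Iterable[str], base_dir: str) -> List[Dict[str, str]]:
    """Return one finding per DELETE record whose target resolves outside base_dir.
    Denied attempts are reported too: a failed traversal attempt is itself a signal
    worth correlating with later successful deletions by the same user."""
    findings = []
    for line in lines:
        m = AUDIT_RE.match(line)
        if not m or m["op"] != "DELETE":
            continue
        if resolve_inside_base(base_dir, m["path"]) is None:
            findings.append({
                "ts": m["ts"],
                "user": m["user"],
                "path": m["path"],
                "result": m["result"],
                "reason": "deletion target resolves outside " + base_dir,
            })
    return findings


def count_by_user(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summarise findings per account, which is the pivot an analyst triages on."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    for f in flag_escaping_deletions(CONSTRUCTED_AUDIT_LINES, EXAMPLE_BASE_DIR):
        print(f"{f['ts']} {f['user']} {f['result']} {f['path']}  <- {f['reason']}")
    print(count_by_user(flag_escaping_deletions(CONSTRUCTED_AUDIT_LINES, EXAMPLE_BASE_DIR)))
```

Three of the five constructed records are flagged: the `..` traversal, the sibling-directory path that a prefix test would have accepted, and the relative traversal that was denied. The containment test deliberately uses `os.path.commonpath` after `realpath` rather than a string comparison; when adapting it to a real deployment, run it against the directory the application actually serves and treat any flagged successful deletion by a privileged account as an incident to investigate rather than a false positive to tune away.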
