CVE-2025-33103

8.5 HIGH

📋 TL;DR

This CVE describes a privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i on IBM i operating systems. An attacker with command line access can exploit this to gain root privileges on the host system. Affected systems include IBM i versions 7.2 through 7.6.

💻 Affected Systems

Products:
  • IBM TCP/IP Connectivity Utilities for i
Versions: 7.2, 7.3, 7.4, 7.5, 7.6
Operating Systems: IBM i
Default Config Vulnerable: ⚠️ Yes
Notes: Requires command line access to the host operating system to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root access, allowing data theft, system modification, persistence, and lateral movement across the network.

🟠 Likely Case

Privilege escalation from a lower-privileged user account to root, enabling unauthorized administrative actions and potential data access.

🟢 If Mitigated

Limited impact if command line access is restricted through proper access controls and network segmentation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires existing command line access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply PTFs as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7233799

Restart Required: Yes

Instructions:

1. Review IBM advisory for specific PTF numbers
2. Apply required PTFs via IBM i PTF management
3. Restart affected services or system as required

🔧 Temporary Workarounds

Restrict Command Line Access (applies to: all)

Limit command line access to trusted administrators only:
  • Implement RBAC controls
  • Use IBM i security settings to restrict command line interfaces

Network Segmentation (applies to: all)

Isolate IBM i systems from untrusted networks:
  • Configure firewall rules
  • Implement network segmentation

🧯 If You Can't Patch

  • Implement strict access controls to limit command line access
  • Monitor for privilege escalation attempts and unusual root activity

🔍 How to Verify

Check if Vulnerable:

Check IBM i version and installed PTFs against advisory requirements

Check Version:

Run DSPPTF LICPGM(5770TC1) (or an equivalent IBM i command) to list the PTFs installed for the product

Verify Fix Applied:

Verify PTFs listed in IBM advisory are installed and active

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Root access from non-administrative accounts
  • Failed privilege escalation attempts

Network Indicators:

  • Unusual command line access patterns
  • Suspicious administrative activity

SIEM Query:

Search for privilege escalation events or root access from non-admin accounts
