{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2947", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-29T13:27:47.251Z", "datePublished": "2025-04-17T17:10:52.646Z", "dateUpdated": "2025-08-28T16:40:47.631Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i 7.6&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. &nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.</span>"}], "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-278", "description": "CWE-278 Insecure Preserved Inherited Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T16:40:47.631Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7231025"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-2947"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T03:55:19.019Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T17:54:49.711152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:55:05.403Z"}}], "cna": {"title": "IBM i privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.6"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7231025", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system.", "supportingMedia": [{"type": "text/html", "value": "IBM i 7.6&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. &nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-278", "description": "CWE-278 Insecure Preserved Inherited Permissions"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-28T16:40:47.631Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2947", "state": "PUBLISHED", "dateUpdated": "2025-08-28T16:40:47.631Z", "dateReserved": "2025-03-29T13:27:47.251Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-04-17T17:10:52.646Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8C189EC3-7D9F-4303-BB5C-1013FAE59B1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."}, {"lang": "es", "value": "IBM i 7.6 contiene una vulnerabilidad de escalada de privilegios debido al intercambio incorrecto de perfiles en un comando del sistema operativo. Un atacante puede usar el comando para elevar privilegios y obtener acceso root al sistema operativo host."}], "id": "CVE-2025-2947", "lastModified": "2025-07-17T18:37:40.007", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-17T17:15:33.490", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7231025"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-278"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}