{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2947", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-29T13:27:47.251Z", "datePublished": "2025-04-17T17:10:52.646Z", "dateUpdated": "2025-04-18T01:52:16.646Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i 7.6&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. &nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.</span>"}], "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-278", "description": "CWE-278 Insecure Preserved Inherited Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-04-18T01:52:16.646Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7231025"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T17:54:49.711152Z", "id": "CVE-2025-2947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:56:57.256Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T17:54:49.711152Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:55:05.403Z"}}], "cna": {"title": "IBM i privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.6"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7231025", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system.", "supportingMedia": [{"type": "text/html", "value": "IBM i 7.6&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. &nbsp;A malicious actor can use the command to elevate privileges to gain root access to the host operating system.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-278", "description": "CWE-278 Insecure Preserved Inherited Permissions"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-04-17T17:10:52.646Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2947", "state": "PUBLISHED", "dateUpdated": "2025-04-17T17:56:57.256Z", "dateReserved": "2025-03-29T13:27:47.251Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-04-17T17:10:52.646Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.6\u00a0\n\ncontains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. \u00a0A malicious actor can use the command to elevate privileges to gain root access to the host operating system."}], "id": "CVE-2025-2947", "lastModified": "2025-04-17T20:21:05.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-04-17T17:15:33.490", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7231025"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-278"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}