CVE-2025-2947
HIGHDescription
IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | i |
| ibm | i |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-2947? +
How severe is CVE-2025-2947? +
What products are affected by CVE-2025-2947? +
How do I check if I'm vulnerable to CVE-2025-2947? +
Related Vulnerabilities
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus …
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build …
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability …
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this …