CVE-2025-33120
HIGHDescription
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
Is your site exposed to CVE-2025-33120?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_incident_forensics |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
| ibm | qradar_security_information_and_event_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-33120? +
How severe is CVE-2025-33120? +
What products are affected by CVE-2025-33120? +
How do I check if I'm vulnerable to CVE-2025-33120? +
Related Vulnerabilities
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power …
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure …
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …