IBM
CVE-2025-12985
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
AnalysisAI
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. [CVSS 8.4 HIGH]
Technical ContextAI
This vulnerability (CWE-732: Incorrect Permission Assignment for Critical Resource) IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
Affected ProductsAI
IBM Licensing Operator incorrectly assigns privileges to security critical files which could
RemediationAI
Monitor vendor advisories for a patch.
Share
External POC / Exploit Code
Leaving vuln.today