CVE-2025-33108

EUVD-2025-18318 | Severity: HIGH | CVSS 3.1 base score: 8.5
Published 2025-06-14

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 21:53 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 21:53 (euvd), EUVD-2025-18318
CVE Published: Jun 14, 2025 - 01:15 (nvd), HIGH 8.5

Description

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.

Analysis

Privilege escalation vulnerability in IBM Backup, Recovery and Media Services (BRMS) for i versions 7.4 and 7.5 that exploits unqualified library calls in compiled or restored programs. An authenticated user with compile or restore capabilities can inject malicious code that executes with elevated component access to the IBM i operating system, achieving full system compromise. This is a high-severity issue affecting enterprise backup infrastructure, though it requires valid credentials and medium attack complexity to exploit.

Technical Context

The vulnerability stems from CWE-250 (Execution with Unnecessary Privileges) combined with unsafe library resolution on IBM i. BRMS programs make unqualified calls, that is, calls that do not explicitly name the library containing the target object, so the call is resolved through the job's library list and the search order can be manipulated. An attacker with compile or restore privileges can place a program object of the same name in a library that appears earlier in the search sequence, causing the BRMS component to execute attacker-controlled code with the elevated privileges of the BRMS subsystem. This is particularly dangerous on IBM i (iSeries/AS400), where the object-based security model and library search mechanism can be abused if calls are not properly qualified. The affected CPE entries are cpe:2.7.a:ibm:backup_recovery_and_media_services_for_i:7.4 and cpe:2.7.a:ibm:backup_recovery_and_media_services_for_i:7.5, indicating the vulnerability is limited to these two major versions.

Affected Products

Backup, Recovery and Media Services for i, versions 7.4 and 7.5

Remediation

Patching (priority: Critical): Apply the IBM security patch for BRMS when released. Monitor IBM Security Advisories for CVE-2025-33108 patch updates. Expected to be released via IBM iSeries system patches or BRMS-specific fixpaks.

Access Control Mitigation (priority: High): Restrict compile and restore program privileges to only trusted, security-cleared personnel. Review and audit all users with *USE authority to BRMS objects and compile/restore capabilities. Implement the principle of least privilege for BRMS subsystem jobs.

Library Search Path Hardening (priority: High): Review BRMS job descriptions and library lists (LIBL) to ensure no user-writable libraries appear before system/IBM libraries in the search sequence. Use qualified procedure calls where possible in custom integrations with BRMS.

Monitoring (priority: Medium): Enable IBM i Security Auditing for BRMS-related objects, particularly object creation and program execution events. Monitor for unusual program object creation in libraries that sit ahead of the BRMS library in the search path.

Workaround (priority: Medium): If patching is delayed, restrict BRMS feature access to only essential personnel and reduce the scope of compile/restore permissions granted to end users until the patch is available.
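The library-search-path hardening item above can be turned into a repeatable check. The following is an added illustration (not vuln.today's or IBM's code) that models how an unqualified call resolves through a library list in search order and flags two conditions: a user-writable library positioned ahead of a trusted product/system library, and a trusted program name that would resolve to an earlier user-writable library. The library list, the writability flags and the object names are constructed sample data; QBRM as the BRMS product library is an assumption.

```python
"""Audit a library list for unqualified-call hijack exposure (added example)."""
from dataclasses import dataclass, field


@dataclass
class Library:
    name: str
    user_writable: bool                 # can an ordinary user create objects here?
    objects: set = field(default_factory=set)   # program object names present


def resolve_unqualified(libl, obj_name):
    """Mimic library-list resolution: the first library in search order that
    holds an object with this name wins. Returns the library name or None."""
    for lib in libl:
        if obj_name in lib.objects:
            return lib.name
    return None


def audit_libl(libl, trusted):
    """Return findings for (a) user-writable libraries that precede any trusted
    library and (b) trusted program names shadowed by an earlier library."""
    findings = []
    trusted_positions = [i for i, lib in enumerate(libl) if lib.name in trusted]
    if not trusted_positions:
        return findings
    last_trusted = max(trusted_positions)
    for i, lib in enumerate(libl):
        if lib.user_writable and i < last_trusted:
            findings.append(f"{lib.name} is user-writable and precedes a trusted library")
    for lib in libl:
        if lib.name not in trusted:
            continue
        for obj in sorted(lib.objects):
            winner = resolve_unqualified(libl, obj)
            if winner not in trusted:
                findings.append(f"unqualified call to {obj} resolves to {winner}, not {lib.name}")
    return findings


# Constructed sample: a user library sits between QSYS and the (assumed) BRMS
# product library QBRM, and it holds a program with the same name as a BRMS one.
SAMPLE_LIBL = [
    Library("QSYS", False, {"QCMDEXC"}),
    Library("USRLIB", True, {"BRMREPORT"}),
    Library("QBRM", False, {"BRMREPORT", "BRMSAVE"}),
    Library("QGPL", True, set()),
]
TRUSTED = {"QSYS", "QBRM"}

if __name__ == "__main__":
    for finding in audit_libl(SAMPLE_LIBL, TRUSTED):
        print("FINDING:", finding)
```

Feeding the real job's library list (for example the output of DSPLIBL) and the authority information of each library into the same check is left to the reader; the logic does not change.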

Priority Score

43 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +42
POC: 0


CVE-2025-33108 vulnerability details – vuln.today
