Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.
Analysis (AI)
This is a local privilege escalation vulnerability in the Perl implementation of IBM AIX 7.3 and IBM VIOS 4.1.1. It allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. Active exploitation or the availability of a proof of concept would significantly elevate real-world risk.
Technical Context (AI)
The vulnerability exists in the Perl implementation bundled with IBM AIX and VIOS, specifically in how pathname inputs are processed. CWE-23 (Relative Path Traversal) indicates the root cause involves improper neutralization of special path elements (such as '..' or symbolic links) in user-supplied pathname input. The Perl interpreter fails to adequately sanitize or validate file paths before using them in operations, allowing attackers to traverse directory boundaries and access or execute files outside intended directories. Affected CPE strings include cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:* and cpe:2.3:o:ibm:vios:4.1.1:*:*:*:*:*:*:*. This is particularly dangerous because Perl is commonly used for system administration scripts and utilities that may run with elevated privileges or in sensitive contexts.
Remediation (AI)
IBM should release security patches for AIX 7.3 and VIOS 4.1.1 addressing improper pathname neutralization in Perl. Pending patch availability:
(1) Check IBM Security Advisories portal for CVE-2025-33112 patches and apply immediately to all affected systems;
(2) If patches are unavailable, restrict local user access to affected AIX systems through access controls and privilege separation;
(3) Review Perl scripts and applications for hardcoded path assumptions and implement input validation for any user-supplied pathname parameters;
(4) Monitor AIX audit logs for suspicious file access patterns or Perl script executions;
(5) Consider implementing Security Enhanced Linux (SELinux) or AIX's native mandatory access controls (MAC) to limit damage from arbitrary code execution;
(6) Segment network architecture to isolate AIX systems and limit lateral movement if a local compromise occurs.
Contact IBM support for vendor-specific patch timelines and advisories.
EUVD-2025-17693