Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.
AnalysisAI
Local privilege escalation in IBM Netezza Performance Server Replication Services (versions 3.0.2.0 through 3.0.5.0) allows an already-authenticated, low-privileged user on the appliance to gain full root control. By abusing the over-privileged Replication Services component the attacker can execute root-level commands, spawn a root shell, reset the root password, alter or delete system-wide files, and plant persistent backdoors, resulting in complete loss of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and no EPSS score was supplied in the source data, so the issue currently reflects vendor-reported risk rather than observed exploitation.
Technical ContextAI
The flaw is classified as CWE-250 (Execution with Unnecessary Privileges), meaning a component of the Replication Services subsystem in IBM Netezza Performance Server runs with more privilege (root) than its function requires, and a lower-privileged caller can leverage that elevated context to perform root-level actions. Netezza Performance Server is IBM's data-warehouse appliance platform (the successor to the PureData/Netezza appliance line), and Replication Services is the subsystem responsible for synchronizing data between Netezza systems for high availability and disaster recovery. Because such replication daemons and helper utilities frequently need elevated access to manage filesystems, services, and database state, an improperly dropped or improperly constrained privilege boundary in this component lets a local user cross from an ordinary appliance account to root. No CPE strings were provided in the source data, so exact platform/build identifiers must be taken from the IBM advisory rather than NVD CPE matching.
RemediationAI
Apply the fix described in the IBM advisory at https://www.ibm.com/support/pages/node/7272148; a patch is available per the vendor advisory, but the exact fixed version was not included in the provided data and must be read directly from that bulletin (do not assume a version number). Because exploitation requires a local, low-privileged account, the most effective compensating control until patching is to tightly restrict who holds interactive or service accounts on the Netezza appliance: remove or disable unnecessary local logins and shell access, and enforce least privilege on the Replication Services account so that only trusted administrators can reach the affected component - the trade-off is operational friction for legitimate replication operators. Additionally, audit and monitor for unexpected use of root-equivalent commands, sudden root password changes, or unexplained modification of system-wide files on the appliance, since these are the direct effects described for this flaw; this is detection-only and does not prevent exploitation. Where high-availability replication can tolerate a maintenance window, prioritizing the upgrade over long-lived workarounds is preferable because no workaround fully closes a privilege-boundary defect of this type.
Same weakness CWE-250 – Execution with Unnecessary Privileges
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32279
GHSA-wwj4-rjmm-2rvv