CVE-2025-12985

Summary

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

Affected Software

VendorProductVersion RangeStatus
IBMIBM Licensing Operator9.0.0affected
IBMIBM Licensing Operator9.0.1affected
IBMIBM Licensing Operator9.1.0affected
IBMIBM Licensing Operator9.2.0affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References