CVE-2025-2947

Summary

IBM i 7.6 

contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command.  A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

Affected Software

VendorProductVersion RangeStatus
IBMi7.6affected

Weaknesses

  • CWE-278: CWE-278 Insecure Preserved Inherited Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References