IBM Backup, Recovery and Media Services for i is vulnerable to a user gaining elevated privileges due to an unqualified library call

FI-2025-007 - IBM Backup, Recovery and Media Services for i is vulnerable to a user gaining elevated privileges due to an unqualified library call

Severity
High
Published Date
13-Jun-2025
Updated Date
13-Jun-2025
Vulnerabilities
CVE-2025-33108
 
Notes
Description

IBM Backup, Recovery, and Media Services is vulnerable to a user with the capability to compile or restore a program gaining elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with component access to the host operating system. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section.

 

Vulnerabilities

 
IBM Backup, Recovery and Media Services for i is vulnerable to a user gaining elevated privileges due to an unqualified library call
Severity
High
CVE
CVE-2025-33108
CWE
CWE-250: Execution with Unnecessary Privileges
Discovery Date
17-Nov-2023
CVSSv3.1
8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Affected Products
IBM Backup, Recovery and Media Services for i versions 7.5, 7.4
Vulnerability Notes
Remediation: Vendor Fix

The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5 and 7.4 will be fixed.
The IBM i PTF numbers for 5770-BR1 contain the fix for the vulnerability.
 
References