IBM i Privilege Escalation Vulnerability in SQL Services Authorization Check

Vulnerability

A privilege escalation vulnerability has been identified in IBM i versions 7.6, 7.5, 7.4, 7.3, and 7.2. This vulnerability arises from an invalid authorization check in IBM i SQL services, allowing a malicious actor to exploit the elevated privileges of another user profile to gain root access to the host operating system.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling a user to gain root access on the host operating system.

Remediation

Users are advised to upgrade to a supported version of IBM i and apply the relevant PTFs. Instructions for downloading these PTFs are available on the IBM My Support website. Users on unsupported versions should upgrade to a supported version.

Added: Nov 1, 2025, 12:18 PM
Updated: Nov 1, 2025, 1:17 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.