CVE-2025-2947

HIGH Year: 2025
CVSS v3 Score
7.2
High
Weakness Type
CWE-278
View all →

Vulnerability Description

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

Related Vulnerabilities

CVE-2023-38497

HIGH
CVSS:7.3(High)

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate arch...

CWE-2782023

CVE-2024-36538

HIGH
CVSS:8.8(High)

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CWE-2782024

CVE-2024-37769

HIGH
CVSS:8.8(High)

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

CWE-2782024

CVE-2024-36538

HIGH
CVSS:8.8(High)

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CWE-2782024

CVE-2024-37769

HIGH
CVSS:8.8(High)

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.

CWE-2782024

CVE-2023-38497

HIGH
CVSS:7.3(High)

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate arch...

CWE-2782023