CVE-2025-33108

IBM Backup Recovery and Media Services for i code execution

Description

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.

Remediation

Solution:

The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5 and 7.4 will be fixed. The IBM i PTF numbers for 5770-BR1 contain the fix for the vulnerability. IBM i Release 5770-BR1 PTF Numbers PTF Download Link 7.5 SJ05907 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05907 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05906

References

Link	Tags
https://www.ibm.com/support/pages/node/7236663	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-33108?: CVE-2025-33108 has been scored as a high severity vulnerability.
How to fix CVE-2025-33108?: To fix CVE-2025-33108: The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5 and 7.4 will be fixed. The IBM i PTF numbers for 5770-BR1 contain the fix for the vulnerability. IBM i Release 5770-BR1 PTF Numbers PTF Download Link 7.5 SJ05907 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05907 https://www.ibm.com/mysupport/s/fix-information?legacy=SJ05906
Is CVE-2025-33108 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-33108 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-33108?: CVE-2025-33108 affects IBM Backup Recovery and Media Services for i.

Description

Remediation

Category

CWE-250 – Execution with Unnecessary Privileges

References

Frequently Asked Questions