![How to Use AI as a Productivity Tool with Mike Kaput [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/v2MAICON-Speaker_Series.png)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
![[DEALS] Internxt Cloud Storage Lifetime Subscription: 10TB Plan (87% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Designing a Robust Modular Hardware-Oriented Application in C++ [closed]](https://i.sstatic.net/f2sQd76t.webp)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_designer491_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![iPad Air vs reMarkable Paper Pro: Which tablet is best for note taking? [Updated]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/05/ipad-air-remarkable-paper-pro.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![What Gemini app features are free versus paid? [June 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/01/gemini-android-5.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple M4 Mac Mini Back on Sale for $499 [Deal]](https://www.iclarified.com/images/news/97617/97617/97617-640.jpg)
IBM Backup Services Vulnerability Let Attackers Escalate Privileges
A critical security vulnerability in IBM Backup, Recovery, and Media Services for the i platform that could allow attackers to gain elevated privileges and execute malicious code with component-level access to the host operating system. The vulnerability, tracked as CVE-2025-33108, stems from an unqualified library call made by a BRMS program and carries a CVSS […] The post IBM Backup Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
A critical security vulnerability in IBM Backup, Recovery, and Media Services for the i platform that could allow attackers to gain elevated privileges and execute malicious code with component-level access to the host operating system.
The vulnerability, tracked as CVE-2025-33108, stems from an unqualified library call made by a BRMS program and carries a CVSS base score of 8.5, indicating high severity.
The security flaw affects IBM i versions 7.5 and 7.4, potentially exposing organizations running these systems to privilege escalation attacks.
According to IBM’s security bulletin published on June 13, 2025, the vulnerability could enable a user with compilation or program restoration capabilities to exploit the system through user-controlled code execution.
IBM Backup Services Privilege Escalation
The vulnerability is classified under CWE-250: Execution with Unnecessary Privileges and exploits an unqualified library call weakness within the BRMS architecture.
The attack vector requires network access with high attack complexity, low privileges, and no user interaction, as indicated by the CVSS vector (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
A malicious actor who successfully exploits this vulnerability could cause user-controlled code to execute with elevated system privileges, potentially compromising the confidentiality, integrity, and availability of the affected system.
The scope change indicator in the CVSS vector suggests that the vulnerability could impact resources beyond the vulnerable component itself.
The technical nature of this flaw lies in how the BRMS program makes library calls without proper qualification, creating an opportunity for attackers to inject malicious code that runs with higher privileges than intended.
This type of vulnerability is particularly concerning in enterprise environments where backup and recovery systems often have extensive system access.
A successful exploit could provide attackers with extensive access to critical business data and system functions.
Risk Factors Details Affected Products IBM Backup, Recovery and Media Services for i (BRMS) versions 7.5 and 7.4 Impact Privilege escalation Exploit Prerequisites – User capabilities to compile or restore a program- Network access (AV:N) and low privileges (PR:L) CVSS 3.1 Score 8.5 (High)
Mitigations
IBM has released Program Temporary Fixes (PTFs) to address the vulnerability across affected versions.
Organizations running IBM i Release 7.5 should apply PTF SJ05907, while those on Release 7.4 need to install PTF SJ05906. Both fixes are available through IBM’s support portal and Fix Central.
The patches target the 5770-BR1 product code specifically, addressing the unqualified library call issue that enables the privilege escalation.
System administrators can download the appropriate PTF from IBM’s MySupport portal using the provided links or access it through the centralized Fix Central repository.
Notably, IBM has indicated that no workarounds or mitigations are available for this vulnerability, making the application of the security patches the only viable solution.
This underscores the critical importance of immediate patch deployment for affected systems.
Organizations should prioritize the immediate deployment of the available PTFs, particularly in environments where backup systems are network-accessible or where multiple users have compilation or restoration privileges.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post IBM Backup Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
