CVE-2024-25050 - Vulnerability Details - OpenCVE

IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	I Rational Developer For I

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_developer_for_i:7.2:::::::*
	cpe:2.3:a:ibm:rational_developer_for_i:7.3:::::::*
	cpe:2.3:a:ibm:rational_developer_for_i:7.4:::::::*
	cpe:2.3:a:ibm:rational_developer_for_i:7.5:::::::*
	cpe:2.3:o:ibm:i:7.2:::::::*
	cpe:2.3:o:ibm:i:7.3:::::::*
	cpe:2.3:o:ibm:i:7.4:::::::*
	cpe:2.3:o:ibm:i:7.5:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/283242
https://www.ibm.com/support/pages/node/7149616
https://www.ibm.com/support/pages/node/7149672

History

Wed, 13 Aug 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm i Ibm rational Developer For I
CPEs		cpe:2.3:a:ibm:rational_developer_for_i:7.2:::::::* cpe:2.3:a:ibm:rational_developer_for_i:7.3:::::::* cpe:2.3:a:ibm:rational_developer_for_i:7.4:::::::* cpe:2.3:a:ibm:rational_developer_for_i:7.5:::::::* cpe:2.3:o:ibm:i:7.2:::::::* cpe:2.3:o:ibm:i:7.3:::::::* cpe:2.3:o:ibm:i:7.4:::::::* cpe:2.3:o:ibm:i:7.5:::::::*
Vendors & Products		Ibm Ibm i Ibm rational Developer For I

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-04-28T12:16:32.538Z

Updated: 2024-08-01T23:36:21.478Z

Reserved: 2024-02-03T14:49:33.094Z

Link: CVE-2024-25050

Vulnrichment

Updated: 2024-08-01T23:36:21.478Z

NVD

Status : Analyzed

Published: 2024-04-28T13:15:08.257

Modified: 2025-08-13T13:12:21.070

Link: CVE-2024-25050

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25050", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-03T14:49:33.094Z", "datePublished": "2024-04-28T12:16:32.538Z", "dateUpdated": "2024-08-01T23:36:21.478Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5"}]}, {"defaultStatus": "unaffected", "product": "Rational Development Studio for i", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242."}], "value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-28T12:16:32.538Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/7149672"}, {"url": "https://www.ibm.com/support/pages/node/7149616"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM i privilege escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ibm", "product": "i", "cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2", "status": "affected"}]}, {"vendor": "ibm", "product": "i", "cpes": ["cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.3", "status": "affected"}]}, {"vendor": "ibm", "product": "i", "cpes": ["cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4", "status": "affected"}]}, {"vendor": "ibm", "product": "rational_development_studio_for_i", "cpes": ["cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.5", "status": "affected"}]}, {"vendor": "ibm", "product": "i", "cpes": ["cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.5", "status": "affected"}]}, {"vendor": "ibm", "product": "rational_development_studio_for_i", "cpes": ["cpe:2.3:a:ibm:rational_development_studio_for_i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2", "status": "affected"}, {"version": "7.3", "status": "affected"}, {"version": "7.4", "status": "affected"}, {"version": "7.5", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-29T13:59:09.822043Z", "id": "CVE-2024-25050", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T17:08:33.592Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.478Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7149672", "tags": ["x_transferred"]}, {"url": "https://www.ibm.com/support/pages/node/7149616", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7149672", "tags": ["x_transferred"]}, {"url": "https://www.ibm.com/support/pages/node/7149616", "tags": ["x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.478Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T13:59:09.822043Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "i", "versions": [{"status": "affected", "version": "7.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "i", "versions": [{"status": "affected", "version": "7.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "i", "versions": [{"status": "affected", "version": "7.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "rational_development_studio_for_i", "versions": [{"status": "affected", "version": "7.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "i", "versions": [{"status": "affected", "version": "7.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:ibm:rational_development_studio_for_i:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:rational_development_studio_for_i:7.5:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "rational_development_studio_for_i", "versions": [{"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}, {"status": "affected", "version": "7.4"}, {"status": "affected", "version": "7.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T14:08:16.419Z"}}], "cna": {"title": "IBM i privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "i", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5"}], "defaultStatus": "unaffected"}, {"vendor": "IBM", "product": "Rational Development Studio for i", "versions": [{"status": "affected", "version": "7.2, 7.3, 7.4, 7.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7149672"}, {"url": "https://www.ibm.com/support/pages/node/7149616"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.", "supportingMedia": [{"type": "text/html", "value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-04-28T12:16:32.538Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25050", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:36:21.478Z", "dateReserved": "2024-02-03T14:49:33.094Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-04-28T12:16:32.538Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_developer_for_i:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB3EE4D6-C5B2-4ECF-BD66-07BA0523AE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_i:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "3B68B11B-63F7-42DB-88CF-0CD7AB538650", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F5449DF6-7F01-445C-B352-A03643875420", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_developer_for_i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0FA3EED9-3D02-4BCB-A029-2924643AC4A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242."}, {"lang": "es", "value": "La infraestructura de red y compilador de IBM i 7.2, 7.3, 7.4, 7.5 e IBM Rational Development Studio para i 7.2, 7.3, 7.4, 7.5 podr\u00eda permitir a un usuario local obtener privilegios elevados debido a una llamada de librer\u00eda no calificada. Un actor malintencionado podr\u00eda provocar que el c\u00f3digo controlado por el usuario se ejecute con privilegios de administrador. ID de IBM X-Force: 283242."}], "id": "CVE-2024-25050", "lastModified": "2025-08-13T13:12:21.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-28T13:15:08.257", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149616"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7149672"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}