Privilege Escalation in IBM Security Guardium Affecting Version 11.4 and 12.1
CVE-2025-25023
4.9 MEDIUM
Summary
A privilege escalation vulnerability exists in IBM Security Guardium versions 11.4 and 12.1, where improper privilege assignment could allow a privileged user to read any file on the system. This misconfiguration poses significant risks: it can lead to unauthorized access to sensitive information, creating the potential for data breaches and exploitation. Organizations using affected versions must ensure proper privilege management to mitigate these risks.
Affected Version(s)
Security Guardium 11.4, 12.1
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved