
Two security vulnerabilities have been disclosed in the IBM Hardware Management Console (HMC) for Power Systems, both of which could allow a local user to gain elevated privileges.
CVE-2025-1950: Improper Permission Leads to Privilege Escalation
The first vulnerability, tracked as CVE-2025-1950, stems from incorrect permission settings of an environment variable. According to the bulletin, this flaw “could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.” The CVSS Base Score for this vulnerability is a critical 9.3.
CVE-2025-1951: Further Privilege Escalation
The second vulnerability, tracked as CVE-2025-1951, is related to the first and also results in privilege escalation. The description states that IBM Hardware Management Console – Power Systems “could allow a local user to execute commands as a privileged user due to the execution of commands with unnecessary privileges.” This vulnerability has a CVSS Base Score of 8.4.
Both vulnerabilities affect the following IBM Hardware Management Console versions:
- HMC V10.2.1030.0
- HMC V10.3.1050.0
IBM has provided fixes for these vulnerabilities. These fixes are available on IBM Fix Central.
Here’s a summary of the fixes:
| Product | VRMF | APAR | Remediation/Fix |
| --- | --- | --- | --- |
| Power HMC | V10.2.1040.0 SP3 x86 | MB04482 | MF71717 |
| Power HMC | V10.2.1040.0 SP3 ppc | MB04483 | MF71718 |
| Power HMC | V10.3.1060.0 SP1 x86 | MB04484 | MF71719 |
| Power HMC | V10.3.1060.0 SP1 ppc | MB04485 | MF71720 |