Privilege Escalation Flaw in IBM Backup Services Threatens IBM i Environments (CVE-2025-33108)

IBM has disclosed a high-severity vulnerability affecting its Backup, Recovery, and Media Services (BRMS) for IBM i systems, specifically versions 7.5 and 7.4. Identified as CVE-2025-33108, this flaw allows a user with specific capabilities to gain elevated privileges, posing a serious risk to the integrity of affected environments.

“IBM Backup, Recovery, and Media Services is vulnerable to allowing a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call,” the company warned in its security bulletin.

The vulnerability stems from a library unqualified call within the BRMS software. Essentially, this means that the software is referencing system resources without specifying secure paths, allowing malicious users to redirect those calls to their own code.

“A malicious actor could cause user-controlled code to run with component access to the host operating system,” IBM explained, highlighting the potential for full system compromise.

The vulnerability has been assigned a CVSS base score of 8.5, placing it in the high-severity category due to its potential to be exploited by an insider or a compromised user account with compile or restore capabilities.

IBM identified the affected products and versions as:

• IBM Backup, Recovery and Media Services for i 7.5
• IBM Backup, Recovery and Media Services for i 7.4

These versions are often used in enterprise environments for automated backup and recovery of IBM i objects, making the potential impact of exploitation especially concerning for regulated industries and mission-critical workloads.

IBM has released Program Temporary Fixes (PTFs) to address the vulnerability. Users are strongly urged to apply these patches immediately:

• For IBM i 7.5: PTF SJ05907
• For IBM i 7.4: PTF SJ05906

Related Posts:

• IBM created the world’s smallest computer
• IBM Completes Acquisition of HashiCorp, Ushering in New Era of Hybrid Cloud Automation