
A serious security vulnerability has been identified in IBM Backup, Recovery, and Media Services (BRMS) for the IBM i platform. It could allow an attacker to escalate privileges and run user-controlled code on the host with more authority than the attacker's own user profile holds.

Tracked as CVE-2025-33108, the flaw stems from a BRMS program making an unqualified library call, and it has been assigned a CVSS base score of 8.5, indicating high severity.

The flaw affects IBM i versions 7.5 and 7.4, putting organizations that operate these systems at risk of privilege escalation. According to IBM's security bulletin released on June 13, 2025, a user who can compile programs or restore programs onto the system could exploit the flaw to run user-controlled code with elevated privileges.


Understanding the Vulnerability
This vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges) and stems from the BRMS program's use of an unqualified library call. Its CVSS vector (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) indicates a network attack vector, high attack complexity, low privileges required, no user interaction, and a change of scope; those metrics produce the 8.5 base score.

If successfully exploited, a malicious actor could execute user-controlled code with elevated system privileges, compromising the confidentiality, integrity, and availability of the affected system. The scope-change metric (S:C) in the vector means a successful exploit can affect resources beyond BRMS itself, which is what you would expect when code runs under an authority the attacker does not otherwise hold.

The technical root of the flaw is that the BRMS program calls another program without naming its library. On IBM i, an unqualified program call is resolved through the job's library list (*LIBL), so which object actually runs depends on the order of libraries in that list rather than on the developer's intent. If a program that runs with adopted authority makes such a call, a user who can place a program of the same name in a library that is searched before the intended one can have that program executed with the higher authority; this is why the bulletin ties exploitability to compile and program-restore capability, since both are ways of getting a program object onto the system. The pattern is particularly alarming for backup and recovery software, which legitimately needs broad access to system objects.

A successful exploit could grant attackers significant access to critical business data and system functions.
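The following CL program is an added illustration of the pattern described above, not BRMS source code or anything from IBM's bulletin. It shows an adopted-authority program making the weak unqualified call beside the qualified form that does not depend on the caller's library list. The program and library names (ADOPTPGM, HELPER, MYLIB) are assumed for the example.

```cl
/* Added illustration, not BRMS source. Names MYLIB, HELPER and        */
/* ADOPTPGM are assumed.                                                */
/* The program adopts its owner's authority when built with:            */
/*   CRTBNDCL PGM(MYLIB/ADOPTPGM) SRCFILE(MYLIB/QCLSRC)                  */
/*            SRCMBR(ADOPTPGM) USRPRF(*OWNER)                            */
/* so whatever it calls also runs with that authority.                  */
PGM

  /* WEAK: no library named, so the call is resolved through the job's  */
  /* library list (*LIBL). A program called HELPER in any library that  */
  /* appears before MYLIB on that list would run here with ADOPTPGM's   */
  /* adopted authority. QTEMP, which every job can write to, is on the  */
  /* default user part of the list, so a caller who can compile or     */
  /* restore a program can often satisfy this condition.                */
  CALL PGM(HELPER)

  /* FIXED: qualify the call with its library so resolution no longer  */
  /* depends on the library list of whoever runs ADOPTPGM.              */
  CALL PGM(MYLIB/HELPER)

ENDPGM
```

When reviewing a job that runs adopted-authority code, DSPLIBL shows the library list the unqualified call would have searched; the fix for code you own is the qualified form, while for BRMS itself the only remedy is IBM's PTF.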


Mitigation Steps
IBM has released Program Temporary Fixes (PTFs) to address the vulnerability across the affected versions. Organizations running IBM i Release 7.5 should apply PTF SJ05907, while those on Release 7.4 need to install PTF SJ05906. Both fixes are available through IBM’s support portal and Fix Central.

These patches target the 5770-BR1 product and correct the unqualified library call that enables the privilege escalation. System administrators can download the appropriate PTF from IBM's MySupport portal or from the centralized Fix Central repository.
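Once a PTF has been downloaded and applied, it is worth confirming its status on each partition rather than trusting the change ticket. The CL program below is an added example, not part of IBM's bulletin; the product ID 5770BR1 and the PTF numbers SJ05907 (7.5) and SJ05906 (7.4) come from the bulletin, while the program name CHKBRMPTF is assumed.

```cl
/* Added example, not from IBM's bulletin. Program name CHKBRMPTF is     */
/* assumed; product and PTF identifiers are those in the bulletin.      */
/* DSPPTF signals an escape message when the requested PTF is not on    */
/* the system; for the release you are not running that is expected,   */
/* so the generic CPF0000 monitor turns it into an informational note.  */
PGM

  /* IBM i 7.5 fix for 5770-BR1 */
  DSPPTF LICPGM(5770BR1) SELECT(SJ05907)
  MONMSG MSGID(CPF0000) EXEC(SNDPGMMSG +
     MSG('SJ05907 is not on this system (expected on 7.4)') +
     TOPGMQ(*EXT))

  /* IBM i 7.4 fix for 5770-BR1 */
  DSPPTF LICPGM(5770BR1) SELECT(SJ05906)
  MONMSG MSGID(CPF0000) EXEC(SNDPGMMSG +
     MSG('SJ05906 is not on this system (expected on 7.5)') +
     TOPGMQ(*EXT))

ENDPGM
```

Read the Status column in the DSPPTF output: a PTF that is merely loaded and shows as not applied provides no protection until it is applied (temporarily or permanently). For fleet-wide checks, the same information is available to SQL through the QSYS2.PTF_INFO service, filtering on PTF_PRODUCT_ID and PTF_IDENTIFIER and reading PTF_LOADED_STATUS.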

Importantly, IBM has stated that no workarounds or mitigations are available for this vulnerability, so applying the PTF is the only complete fix. That makes prompt patch deployment on affected systems essential.

Organizations should prioritize deployment of the available PTFs, especially where backup systems are reachable over the network or where many users hold compilation or restoration privileges. Until the fix is in place, keeping the set of users with those capabilities as small as possible narrows the population able to exploit the flaw, although it does not remove the vulnerability.