CVE-2025-2947: CWE-278 Insecure Preserved Inherited Permissions

High
Type: Vulnerability | Tags: CVE-2025-2947, cve, cwe-278
Published: Thu Apr 17 2025 (04/17/2025, 17:10:52 UTC)
Source: CVE
Vendor/Project: IBM
Product: i

Description

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges and gain root access to the host operating system.

AI-Powered Analysis

Last updated: 08/29/2025, 00:43:08 UTC

Technical Analysis

CVE-2025-2947 is a high-severity privilege escalation vulnerability affecting IBM i version 7.6. The vulnerability arises from insecure preserved inherited permissions caused by incorrect profile swapping during the execution of an operating system command. The flaw is categorized under CWE-278 (Insecure Preserved Inherited Permissions), which covers cases where permissions inherited from a previous security context are not correctly dropped or reset. In this case, the IBM i OS command fails to correctly manage user profile privileges when swapping profiles, allowing a malicious actor who already holds high privileges on the system to escalate to root-level access on the host operating system. This escalation can lead to full control over the system, enabling the attacker to execute arbitrary commands, access sensitive data, modify system configurations, and potentially disrupt availability. The CVSS v3.1 base score is 7.2, indicating high severity, with the vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. This means the vulnerability is exploitable remotely over the network with low attack complexity, requires high privileges but no user interaction, and has a high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved on March 29, 2025, and published on April 17, 2025. The issue is significant because IBM i systems are often used in enterprise environments for critical business applications, and root access compromises the entire system's security.

Potential Impact

For European organizations using IBM i 7.6, this vulnerability poses a significant risk. IBM i systems are widely deployed in sectors such as finance, manufacturing, retail, and government agencies across Europe. An attacker exploiting this vulnerability could gain root access, leading to unauthorized data access, data manipulation, disruption of business-critical applications, and potential compliance violations under regulations like GDPR. The ability to escalate privileges remotely means that even internal threats or compromised accounts with elevated privileges could fully compromise the system. This could result in operational downtime, financial losses, reputational damage, and legal consequences. Given the high impact on confidentiality, integrity, and availability, organizations relying on IBM i 7.6 must prioritize addressing this vulnerability to maintain their security posture and regulatory compliance.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to IBM i 7.6 systems to trusted administrators only, minimizing the number of users with high privileges to reduce the attack surface.
2. Monitor and audit the use of OS commands that involve profile swapping to detect any anomalous or unauthorized activity.
3. Implement network segmentation and firewall rules to limit remote access to IBM i systems, especially from untrusted networks.
4. Since no patch is currently linked, engage with IBM support to obtain any available security updates or workarounds.
5. Employ application whitelisting and integrity monitoring on IBM i systems to detect unauthorized changes.
6. Conduct regular security assessments and penetration testing focused on privilege escalation vectors.
7. Educate system administrators about the risks of privilege escalation and enforce strict credential management policies.
8. Prepare incident response plans specifically for IBM i environments to quickly contain and remediate any exploitation attempts.

Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-03-29T13:27:47.251Z
CISA Enriched: true

Threat ID: 682d984ac4522896dcbf778a

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 8/29/2025, 12:43:08 AM

Last updated: 9/26/2025, 4:43:07 PM
