CVE-2025-12985

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/license-service-privilege-escalation-vulnerability

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) IBM Licensing Operator asigna incorrectamente privilegios a archivos críticos de seguridad, lo que podría permitir una escalada local de privilegios de root dentro de un contenedor que ejecuta la imagen de IBM Licensing Operator.

20 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-20 15:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-12985

Mitre link : CVE-2025-12985

CVE.ORG link : CVE-2025-12985

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

8.4 /10