Security Advisory

IBM Product Security Update Advisory

  • Jul 29 2025
IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-33109

 

IBM i Version: 7.6
IBM i Version: 7.5
IBM i Version: 7.4
IBM i Version: 7.3
IBM i Version: 7.2

 

CVE-2025-3357

 

IBM Tivoli Monitoring Version: 6.3.0.7 or later and 6.3.0.7 Service Pack 19 or earlier

 

 

Resolved Vulnerabilities

 

Privilege escalation vulnerability due to improper database privilege validation on IBM i (CVE-2025-33109)

Remote code execution vulnerability due to improper validation of index values in IBM Tivoli Monitoring (CVE-2025-3357)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-33109

 

IBM i 7.6 Versions: SJ05809, SJ05810, SJ05837, SJ05960, SJ06021, SJ06219
IBM i 7.5 Versions: SJ05838, SJ05847, SJ05850, SJ05851, SJ05953, SJ06022
IBM i 7.4 Versions: SJ05839, SJ05846, SJ05852, SJ05853, SJ05959, SJ06023
IBM i 7.3 Versions: SJ05840, SJ05845, SJ05854, SJ05855, SJ05966, SJ06477
IBM i 7.2 versions: SJ05842, SJ05844, SJ05856, SJ05857, SJ05965, SJ06478

 

CVE-2025-3357

 

IBM Tivoli Monitoring Version: 6.3.0.7-TIV-ITM-SP0020

 

 

References

 

[1] Security Bulletin: IBM i is vulnerable to a privilege escalation due to an invalid database authority check [CVE-2025-33109].
https://www.ibm.com/support/pages/node/7240410

[2] Security Bulletin: IBM Tivoli Monitoring is affected by an insufficient validation of input data
https://www.ibm.com/support/pages/node/7234923

Tags:
Previous Post

Next Post