

Severity
High
Analysis Summary
A critical vulnerability, tracked as CVE-2025-33108, has been discovered in IBM Backup, Recovery, and Media Services (BRMS) for the i platform, specifically affecting versions 7.5 and 7.4. The flaw originates from an unqualified library call within a BRMS program, allowing potential attackers to gain elevated privileges and execute malicious code on the host operating system. The issue carries a high CVSS severity rating and is classified under CWE-250: Execution with Unnecessary Privileges.
IBM disclosed the vulnerability in a security bulletin on June 13, 2025, stating that it may allow an attacker with basic capabilities, such as compiling or restoring programs, to leverage user-controlled code execution and gain access beyond the vulnerable component.
The attack vector is notably concerning due to its network accessibility (AV:N), low required privileges (PR:L), and no user interaction (UI:N), combined with a scope change (S:C), which implies that exploitation could affect other system resources outside the targeted component. The vulnerability’s root cause lies in how BRMS handles library calls without proper qualification, thus enabling code injection and execution with higher-than-intended system privileges. Such an issue is particularly dangerous in enterprise environments, where backup and recovery systems like BRMS often have access to sensitive files, business logic, and system-level operations.
If exploited successfully, this flaw could severely compromise the confidentiality, integrity, and availability of affected systems. Attackers may gain extensive access to system functions and business-critical data, making this vulnerability a valuable target for privilege escalation in multi-user environments. The exploit prerequisites are relatively minimal, requiring only basic user capabilities and network reachability, which makes internal threat actors or compromised user accounts especially risky vectors for attack.
To mitigate the risk, IBM has issued Program Temporary Fixes (PTFs): SJ05907 for IBM i Release 7.5, and SJ05906 for Release 7.4. These patches address the vulnerability in the 5770-BR1 product code, specifically targeting the flawed library call behavior. No alternate workarounds or mitigations are available, meaning that immediate patching is the only recommended course of action. Organizations are strongly advised to prioritize these updates, especially if BRMS is network-exposed or if multiple users possess compilation or restoration permissions, to prevent potential exploitation and maintain operational security.
Impact
- Sensitive Data Theft
- Privilege Escalation
- Code Execution
- Gain Access
Indicators of Compromise
CVE
CVE-2025-33108
Affected Vendors
- IBM
Affected Products
- IBM i - 7.4
- IBM i - 7.5
Remediation
- Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.
- Access the fixes through IBM’s MySupport portal or Fix Central repository, and prioritize systems where BRMS is network-accessible or where users have compilation or restore privileges
- Limit or review user roles with capabilities to compile or restore programs to reduce exposure
- IBM has not provided any temporary mitigations; patching is the only solution
- After installation, validate the patch using IBM’s documentation or system diagnostics
- Regularly monitor IBM’s security bulletins for future updates or related vulnerabilities
- Restrict network access to BRMS where possible to minimize the potential attack surface.
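
One way to carry out the post-installation validation step from an SQL session on the IBM i partition, shown as an added example that is not taken from IBM's bulletin. It assumes the `QSYS2.PTF_INFO` IBM i service is available and that the 5770-BR1 product appears there under the product ID `5770BR1`; the verdict labels are this example's own.

```sql
-- Added example: report the state of the two BRMS PTFs named in this advisory.
-- Only the row matching the partition's IBM i release applies; the PTF for the
-- other release is expected to be reported as missing.
WITH expected (ibm_i_release, ptf_id) AS (
    VALUES ('7.5', 'SJ05907'),
           ('7.4', 'SJ05906')
)
SELECT e.ibm_i_release,
       e.ptf_id,
       -- The LEFT JOIN keeps a row even when the PTF was never loaded.
       COALESCE(p.ptf_loaded_status, 'NOT ON SYSTEM') AS loaded_status,
       p.ptf_superceded_by_ptf                        AS superseded_by,
       CASE
           WHEN p.ptf_loaded_status IN ('APPLIED', 'PERMANENTLY APPLIED')
               THEN 'FIX ACTIVE'
           WHEN p.ptf_loaded_status = 'SUPERSEDED'
               THEN 'CHECK STATUS OF SUPERSEDING PTF'
           WHEN p.ptf_loaded_status = 'LOADED'
               THEN 'LOADED BUT NOT APPLIED'
           ELSE 'FIX MISSING'
       END                                            AS verdict
FROM expected e
LEFT JOIN qsys2.ptf_info p
       ON p.ptf_identifier = e.ptf_id
      AND p.ptf_product_id = '5770BR1'   -- assumed catalog form of 5770-BR1
ORDER BY e.ibm_i_release;
```

A result of `LOADED BUT NOT APPLIED` means the fix is on the system but not yet in effect, so the partition should still be treated as vulnerable.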