CVE Alert: CVE-2025-33003 – IBM – InfoSphere Information Server

CVE-2025-33003

HIGH · No exploitation known

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.

CVSS v3.1: 7.8
AV LOCAL · AC HIGH · PR LOW · UI NONE · S CHANGED
Vendor: IBM
Product: InfoSphere Information Server
Versions: 11.7.0.0 through 11.7.1.6
CWE: CWE-250 Execution with Unnecessary Privileges
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Published: 2025-10-31T13:04:31.204Z
Updated: 2025-10-31T13:57:00.306Z
CPE:
cpe:2.3:a:ibm:infosphere_information_server:11.7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_information_server:11.7.1.6:*:*:*:*:*:*:*

AI Summary Analysis

Risk verdict

High risk of local privilege escalation within the container; no KEV listing or SSVC exploitation state is indicated at present.

Why this matters

If exploited, an attacker could gain root-like capabilities inside the InfoSphere Information Server container, potentially accessing credentials, secrets, or other containers. This undermines container isolation and could facilitate broader data exposure or deployment-wide disruption.

Most likely attack path

Requires local access with low privileges to the host/container environment; attacker could leverage unnecessary privileges to elevate within the container (scope change) and access sensitive data or configurations. Lateral movement is feasible within the container space and may extend to allied services if trust boundaries are misconfigured.

Who is most exposed

Organizations running InfoSphere Information Server in containerised deployments (e.g., Kubernetes or similar) with overly permissive container security contexts or elevated capabilities are most at risk.

Detection ideas

  • Unusual process privileges within InfoSphere containers (root-level processes started by non-root users)
  • Sudden privilege escalations or new root-owned binaries within the container
  • Changes to capabilities, seccomp, or security context configurations
  • Access to sensitive secrets/configs not normally required by the workload
  • Anomalous user IDs or shell access activity from non-admin accounts inside the container

Mitigation and prioritisation

  • Apply patches: move to 11.7.1.0 or 11.7.1.6 and the Microservices tier security patch (DT435105)
  • Enforce least privilege: run containers as non-root, drop unnecessary Linux capabilities, tighten securityContext
  • Harden deployment: restrict network access between containers, segment the InfoSphere workload, and use strict RBAC
  • Validate preconditions: review container image builds and privilege allowances before deployment
  • If KEV true or EPSS ≥ 0.5, treat as priority 1
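
The least-privilege items above can be checked against running workloads. The following is an added example, not code from IBM or from this site: it audits pod specs in the shape returned by `kubectl get pods -o json` for the securityContext settings named in the lists above. The pod and container names in the sample are constructed and hypothetical.

```python
# Constructed sample shaped like parsed `kubectl get pods -o json` output; names are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"name": "iis-services-0"}, "spec": {"containers": [
        {"name": "app", "securityContext": {
            "runAsNonRoot": True, "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
            "seccompProfile": {"type": "RuntimeDefault"}}}]}},
    {"metadata": {"name": "iis-engine-0"}, "spec": {"securityContext": {"runAsUser": 1000},
        "containers": [{"name": "engine", "securityContext": {
            "capabilities": {"add": ["SYS_ADMIN"]}}}]}},
]}

def audit_container(pod_sc, container):
    """Return least-privilege findings for one container spec."""
    sc = container.get("securityContext") or {}
    findings = []
    # Container-level values override pod-level ones for these fields.
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    if uid == 0 or (uid is None and not non_root):
        findings.append("may run as root")
    if sc.get("privileged"):
        findings.append("privileged")
    # Escalation via setuid binaries or file capabilities stays possible unless this is false.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation not false")
    caps = sc.get("capabilities") or {}
    if "ALL" not in [c.upper() for c in caps.get("drop") or []]:
        findings.append("capabilities not dropped")
    findings += [f"adds capability {c}" for c in caps.get("add") or []]
    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") in (None, "Unconfined"):
        findings.append("no seccomp profile")
    return findings

def audit(pod_list):
    """Map 'pod/container' to its findings; clean containers are omitted."""
    report = {}
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        pod_sc = spec.get("securityContext") or {}
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            found = audit_container(pod_sc, c)
            if found:
                report[f"{pod['metadata']['name']}/{c['name']}"] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a live namespace, replace SAMPLE with the parsed JSON output of kubectl for the namespace that hosts the InfoSphere workload.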
