CVE-2025-36193

Published: Sep 3, 2025Modified: Sep 29, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.

Affected (1)

Products: Ibm: Transformation Advisor

Ibm

1 product

Transformation Advisor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Transformation Advisor	From 2.0.1 to 4.3.2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://www.ibm.com/support/pages/node/7243632

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.