CVE-2024-25021: IBM AIX command execution

Q: What is the severity of CVE-2024-25021?

CVE-2024-25021 has been classified as a high severity vulnerability due to its potential for local exploitation.

Q: How do I fix CVE-2024-25021?

To fix CVE-2024-25021, update your IBM AIX to a version later than 7.3 and VIOS to a version later than 4.1.

Q: Who is affected by CVE-2024-25021?

CVE-2024-25021 affects non-privileged local users of IBM AIX 7.3 and IBM VIOS 4.1 installations.

Q: What can attackers do with CVE-2024-25021?

Attackers exploiting CVE-2024-25021 can execute arbitrary commands on the affected systems.

Q: When was CVE-2024-25021 disclosed?

CVE-2024-25021 was disclosed in January 2024.

Published Feb 21, 2024

Updated

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.

Other sources

IBM AIX's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands.

— IBM

Affected Software

4 affected components

IBM AIX<=7.3

IBM VIOS<=4.1

IBM VIOS=4.1

IBM AIX=7.3

Event History

Feb 21, 2024

CVE Published

via IBM·12:00 AM

Feb 22, 2024

CVE Published

via MITRE·11:39 AM

Data Sourced

via MITRE·11:39 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·12:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7122628

Frequently Asked Questions

What is the severity of CVE-2024-25021?

CVE-2024-25021 has been classified as a high severity vulnerability due to its potential for local exploitation.

How do I fix CVE-2024-25021?

To fix CVE-2024-25021, update your IBM AIX to a version later than 7.3 and VIOS to a version later than 4.1.

Who is affected by CVE-2024-25021?