CVE-2024-27275 HIGH

CVE-2024-27275: IBM i privilege escalation

Vendor Ibm
Product i
Weakness CWE-266
Published June 15, 2024
Last update September 29, 2025

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support.

Key dates

02Disclosure timeline

June 15, 2024 CVE published
September 29, 2025 Record updated