CVE-2025-25029: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 12.0 contains a security vulnerability (CVE-2025-25029) discovered and disclosed on May 27, 2025. The vulnerability affects the file system access control mechanisms, allowing privileged users to download arbitrary files from the system due to improper escaping of input (IBM Advisory, NVD).

The vulnerability is classified as CWE-116 (Improper Encoding or Escaping of Output) and has been assessed with a CVSS v3.1 Base Score of 4.9 (MEDIUM), with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The National Vulnerability Database has assigned a slightly higher CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (IBM Advisory, NVD).

The vulnerability enables privileged users to download any file present on the system, potentially leading to unauthorized access to sensitive system files and data. This could result in the exposure of confidential information stored within the IBM Security Guardium 12.0 system (IBM Advisory).

IBM has released a patch to address this vulnerability in IBM Guardium Data Protection 12.0. Customers are advised to update their systems promptly using the fix available through IBM Fix Central (IBM Advisory).