CVE-2025-3473: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 12.1 has been identified with a privilege escalation vulnerability (CVE-2025-3473), discovered and disclosed on June 11, 2025. The vulnerability affects IBM Security Guardium Data Protection version 12.1, allowing local privileged users to escalate their privileges to root level due to insecure inherited permissions created by the program (IBM Advisory, Wiz).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The technical assessment indicates that the vulnerability requires local access (AV:L) with low attack complexity (AC:L) and high privileges (PR:H), but no user interaction (UI:N). The vulnerability is classified under CWE-277 (Insecure Inherited Permissions) (IBM Advisory, Wiz).

If exploited, this vulnerability allows a local privileged user to escalate their privileges to root level, potentially gaining complete control over the affected system. This could lead to high impacts on confidentiality, integrity, and availability of the system as indicated by the CVSS metrics (C:H/I:H/A:H) (IBM Advisory).

IBM has released a fix for this vulnerability and strongly encourages customers to update their systems promptly. The fix is available through IBM Fix Central for IBM Guardium Data Protection 12.1. No temporary workarounds or mitigations have been identified (IBM Advisory).