IBM i Vulnerability Allows Attackers to Escalate Privileges
A critical security vulnerability has been identified in IBM i, potentially allowing attackers to escalate privileges and execute arbitrary code with administrator rights.
The flaw, tracked as CVE-2025-36004, affects IBM Facsimile Support for i across multiple versions of the IBM i operating system, raising concerns for organizations relying on this platform for business-critical operations.
Vulnerability Overview
The vulnerability stems from an unqualified library call in IBM Facsimile Support for i, classified under CWE-427: Uncontrolled Search Path Element.
This weakness enables a user with the ability to compile or restore a program to inject user-controlled code, which then runs with elevated, administrative privileges.
As a result, a malicious actor could gain unauthorized access to sensitive system resources, compromise the integrity and availability of the system, and potentially take full control of the affected IBM i environment.
| CVE ID | Description | CVSS Base Score | Affected Versions |
| --- | --- | --- | --- |
| CVE-2025-36004 | Unqualified library call in IBM Facsimile Support for i allows privilege escalation to admin user. | 8.8 | IBM i 7.5, 7.4, 7.3, 7.2 |
Affected Products and Impact
The vulnerability impacts the following IBM i versions:
- IBM i 7.5
- IBM i 7.4
- IBM i 7.3
- IBM i 7.2
A successful exploit could allow an attacker with low-privileged network access to execute code with the highest system privileges, leading to full system compromise.
The attack does not require user interaction and can be performed remotely, significantly increasing the risk profile for exposed systems.
IBM has released a Program Temporary Fix (PTF) for the affected product, specifically for the 5798-FAX component.
IBM recommends all users running unsupported versions of affected products upgrade to a supported and fixed version to ensure ongoing protection.
In addition to applying the official patch, security experts advise organizations to:
- Implement strict access controls and monitor privileged activities.
- Restrict network access to IBM i systems.
- Regularly audit system configurations and validate library call paths.
- Monitor system logs for suspicious behavior.
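To make the CWE-427 weakness and the "validate library call paths" advice concrete, the following added example (not IBM's code and not taken from the bulletin) models how an unqualified call is resolved through a library list and flags libraries searched ahead of the intended one where ordinary users can add objects. All library and program names are constructed, and the model assumes only *PUBLIC authority matters; it ignores private authorities, authorization lists and adopted authority.

```python
# Added illustration: simplified model of IBM i library-list (*LIBL) resolution.
# Library names, program names and authorities are constructed sample data.
from dataclasses import dataclass, field

# *PUBLIC authorities that include the right to add objects to a library.
ADD_CAPABLE = {"*CHANGE", "*ALL"}

@dataclass
class Library:
    public_authority: str
    programs: set = field(default_factory=set)

def resolve(call, libl, libs):
    """Return the library that satisfies `call`, or None.
    'LIB/PGM' names one library; a bare 'PGM' is searched through libl in order."""
    if "/" in call:
        lib, pgm = call.split("/", 1)
        return lib if lib in libs and pgm in libs[lib].programs else None
    return next((n for n in libl if call in libs[n].programs), None)

def audit_call(call, intended, libl, libs):
    """Libraries searched before `intended` where *PUBLIC may add objects,
    i.e. where a same-named program would be found first."""
    if "/" in call:
        return []                      # qualified: search order is irrelevant
    risky = []
    for name in libl:
        if name == intended:
            break
        if libs[name].public_authority in ADD_CAPABLE:
            risky.append(name)
    return risky

# Constructed environment: the privileged program is meant to call APPLIB/HELPER.
LIBS = {
    "SYSLIB": Library("*USE"),
    "DEVLIB": Library("*CHANGE"),
    "APPLIB": Library("*USE", {"HELPER"}),
}
LIBL = ["SYSLIB", "DEVLIB", "APPLIB"]

if __name__ == "__main__":
    for call in ("HELPER", "APPLIB/HELPER"):
        print(call, "->", resolve(call, LIBL, LIBS), "| exposed via:",
              audit_call(call, "APPLIB", LIBL, LIBS))
```

An empty result from `audit_call` means either the call is library-qualified or no earlier library in the search order accepts new objects from ordinary users.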
The vulnerability was responsibly reported to IBM by Zoltan Panczel of Silent Signal. IBM published the security bulletin on June 24, 2025, and no public proof-of-concept exploit is currently known to exist.
Organizations using IBM i are urged to act swiftly to mitigate this high-severity threat and safeguard their critical infrastructure.