IBM i Vulnerability Enables Attackers to Gain Elevated Privileges

IBM has disclosed a critical security vulnerability affecting multiple versions of its IBM i operating system that could enable attackers to gain elevated privileges through an unqualified library call vulnerability.

The vulnerability, tracked as CVE-2025-36004, carries a high CVSS base score of 8.8 and affects IBM i versions 7.2 through 7.5, potentially impacting organizations worldwide that rely on this enterprise-grade platform for mission-critical operations.

The newly disclosed vulnerability represents a significant security risk for IBM i environments, stemming from an unqualified library call weakness within IBM Facsimile Support for i.

This vulnerability falls under the Common Weakness Enumeration (CWE) category CWE-427, which relates to uncontrolled search path elements that can be exploited by malicious actors.

The vulnerability’s CVSS vector notation (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that attacks can be conducted remotely with low complexity, requiring only low-level privileges and no user interaction.

The technical nature of this vulnerability allows attackers who possess the capability to compile or restore programs on affected systems to execute user-controlled code with administrator privileges.

This privilege escalation represents a critical security breach, as it could potentially grant unauthorized access to sensitive system resources, data, and administrative functions.

The high impact ratings for confidentiality, integrity, and availability in the CVSS assessment underscore the severity of potential security compromises that could result from successful exploitation.

Affected Systems and Attack Vector

The vulnerability impacts a broad range of IBM i deployments with the following characteristics:

Affected Versions:

• IBM i version 7.2
• IBM i version 7.3
• IBM i version 7.4
• IBM i version 7.5

Vulnerable Component:

• IBM Facsimile Support for i (product code 5798-FAX).
• Distributed as a skip ship product installable across affected releases.
• Present in current and recent releases widely deployed in enterprise environments.

Attack Mechanism:

• Exploits unqualified library call mechanism in the system’s search path.
• Attackers place specially crafted programs in strategic system locations.
• System searches for programs without specifying exact library location.
• Malicious programs execute before legitimate programs due to search path manipulation.

Security Recommendations

IBM has released a comprehensive fix for this vulnerability through Program Temporary Fix (PTF) SJ06024, which addresses the security vulnerability across all affected IBM i versions.

Notably, IBM has indicated that no workarounds or mitigations are available for this vulnerability, making the application of the security patch the only effective defense against potential attacks.

The company strongly recommends that organizations running unsupported versions of IBM i upgrade to supported and fixed versions to ensure comprehensive security coverage.

The vulnerability was responsibly disclosed to IBM by security researcher Zoltan Panczel from Silent Signal, highlighting the importance of collaborative security research in identifying and addressing critical system vulnerabilities.

This high-severity vulnerability underscores the critical importance of maintaining current security patches across enterprise IBM i environments.

Organizations should prioritize the immediate deployment of PTF SJ06024 and establish robust patch management processes to address future security updates promptly.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.