A significant security vulnerability, identified as CVE-2025-36004, has been discovered in multiple versions of IBM i, potentially allowing attackers to escalate privileges through an unqualified library call in the IBM Facsimile Support for i component. This flaw carries a high Common Vulnerability Scoring System (CVSS) base score of 8.8, indicating its severity and the urgency for remediation.
Understanding CVE-2025-36004
The vulnerability stems from an unqualified library call, classified under CWE-427: Uncontrolled Search Path Element. This issue arises when the IBM Facsimile Support for i component fails to properly validate library search paths, allowing attackers to manipulate the system’s library resolution process. Consequently, malicious actors with compilation or program restoration capabilities can execute user-controlled code with administrator privileges, potentially compromising entire IBM i systems.
Technical Details and Exploitation
The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Exploitation requires only low privileges (PR:L) and can be performed remotely (AV:N) with low attack complexity (AC:L). This makes the vulnerability particularly concerning for enterprise environments, as it can be exploited without user interaction (UI:N) and has a high impact on the confidentiality, integrity, and availability of the targeted system (C:H/I:H/A:H).
When exploited, the vulnerability allows users with compilation or program restoration capabilities to gain elevated privileges by manipulating the library call mechanism. The uncontrolled search path element enables attackers to place malicious libraries in locations where the system will load them instead of legitimate libraries, effectively hijacking the execution flow.
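The following added example (not IBM code and not taken from the advisory) models how an unqualified call resolves through an ordered library list, and audits which libraries searched ahead of the legitimate copy a given profile could add objects to. All library, program and profile names are hypothetical, and the authority handling is a simplified assumption.

```python
from dataclasses import dataclass, field

# Assumption: library authorities that include *ADD (create/restore objects into it).
CAN_ADD = {"*CHANGE", "*ALL"}

@dataclass
class Library:
    name: str
    programs: set = field(default_factory=set)
    public_authority: str = "*USE"
    private: dict = field(default_factory=dict)  # profile -> authority

def resolve(libl, program, qualifier=None):
    """Library a call binds to: the named one if qualified, else first match in list order."""
    for lib in libl:
        if program in lib.programs and qualifier in (None, lib.name):
            return lib.name
    return None

def can_add(lib, profile):
    # Simplified model: a private authority, when present, overrides *PUBLIC.
    return lib.private.get(profile, lib.public_authority) in CAN_ADD

def exposed_libraries(libl, program, profile):
    """Libraries searched before the legitimate copy where profile could add a same-named object."""
    exposed = []
    for lib in libl:
        if program in lib.programs:
            break  # later libraries are never reached by the unqualified call
        if can_add(lib, profile):
            exposed.append(lib.name)
    return exposed

# Constructed library list (all names hypothetical), in search order.
LIBL = [
    Library("SYSLIB"),
    Library("TOOLSLIB", public_authority="*CHANGE"),
    Library("DEVLIB", public_authority="*EXCLUDE", private={"DEVUSER": "*ALL"}),
    Library("PRODLIB", programs={"HELPERPGM"}),
    Library("LATELIB", public_authority="*ALL"),
]

if __name__ == "__main__":
    for user in ("DEVUSER", "OPERATOR"):
        print(user, "exposed:", exposed_libraries(LIBL, "HELPERPGM", user))
    print("unqualified ->", resolve(LIBL, "HELPERPGM"))
    print("qualified   ->", resolve(LIBL, "HELPERPGM", "PRODLIB"))
```

An empty result from `exposed_libraries` for every non-administrative profile means the search path ahead of the legitimate object is controlled; a qualified call removes the dependency on list order entirely.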
Affected Systems
The vulnerability impacts IBM i versions 7.2, 7.3, 7.4, and 7.5, representing a substantial portion of active IBM i installations in enterprise environments. The specific component containing the vulnerability is IBM Facsimile Support for i, identified by product code 5798-FAX. This component is a skip-ship product that can be installed on all affected releases, which widens the potential scope of exploitation.
Potential Impact
The enterprise impact extends beyond individual system compromise, as IBM i systems typically serve as critical infrastructure components in many organizations. Successful privilege escalation could enable attackers to access sensitive business data, modify system configurations, or establish persistent access for future attacks.
Mitigation and Recommendations
IBM has released Program Temporary Fix (PTF) SJ06024 for product 5798-FAX to address the vulnerability across all affected IBM i releases. Organizations are strongly advised to apply this patch promptly to mitigate the risk associated with CVE-2025-36004.
In addition to applying the patch, organizations should consider the following security best practices:
– Regular System Updates: Ensure that all systems are up to date with the latest security patches and updates.
– Access Controls: Limit user privileges to the minimum necessary for their roles to reduce the risk of privilege escalation.
– Monitoring and Logging: Implement comprehensive monitoring and logging to detect and respond to suspicious activities promptly.
– Security Training: Provide regular security training to staff to raise awareness about potential threats and safe computing practices.
Conclusion
The discovery of CVE-2025-36004 underscores the importance of proactive security measures and timely patch management in maintaining the integrity of enterprise systems. Organizations utilizing IBM i systems should prioritize the application of the provided PTF and review their security protocols to safeguard against potential exploitation.