CVE-2025-36004
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-03
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | i | 7.2 |
| ibm | i | 7.3 |
| ibm | i | 7.4 |
| ibm | i | 7.5 |
| ibm | i | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM i versions 7.2, 7.3, 7.4, and 7.5 occurs in the IBM Facsimile Support for i component due to an unqualified library call. It allows a user who can compile or restore a program to execute user-controlled code with administrator privileges, effectively enabling privilege escalation. The issue is classified under CWE-427 (Uncontrolled Search Path Element). [1]
How can this vulnerability impact me? :
The vulnerability can allow a malicious actor to run arbitrary code with administrator rights on affected IBM i systems. This can lead to a complete compromise of confidentiality, integrity, and availability of the system, as the attacker gains elevated privileges and can control or disrupt system operations. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the Program Temporary Fix (PTF) SJ06024 included in the 5798-FAX PTF package to your IBM i system running versions 7.2, 7.3, 7.4, or 7.5. This fix addresses the unqualified library call vulnerability in IBM Facsimile Support for i. IBM strongly recommends upgrading unsupported versions to supported ones with the fix applied. No workarounds or alternative mitigations are available. [1]