IBM i Vulnerability Allows Let Attackers Escalate Privileges

A critical security vulnerability affecting multiple versions of IBM i that could allow attackers to escalate privileges through an unqualified library call in IBM Facsimile Support for i. 

The vulnerability, tracked as CVE-2025-36004, carries a high CVSS base score of 8.8 and affects a significant portion of IBM i installations across enterprise environments. 

Security researchers from Silent Signal discovered and reported this flaw, which enables malicious actors to execute user-controlled code with administrator privileges, potentially compromising entire IBM i systems.

Summary
1. IBM i systems (versions 7.2-7.5) contain a high-severity privilege escalation flaw (CVE-2025-36004) in IBM Facsimile Support for i component.
2. Exploits unqualified library call vulnerability allowing attackers with compilation/restoration privileges to execute malicious code with administrator rights.
3. Affects all major IBM i releases currently in use across enterprise environments.
4. IBM released PTF SJ06024 for product 5798-FAX to address the vulnerability.

Critical Privilege Escalation Flaw (CVE-2025-36004)

The core of CVE-2025-36004 lies in an unqualified library call vulnerability classified under CWE-427: Uncontrolled Search Path Element. 

This weakness occurs when IBM Facsimile Support for i fails to properly validate library search paths, allowing attackers to manipulate the system’s library resolution process. 

The vulnerability’s CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation requires low-level privileges and can be performed remotely with low attack complexity, making it particularly concerning for enterprise environments.

When exploited, the vulnerability allows users with compilation or program restoration capabilities to gain elevated privileges by manipulating the library call mechanism. 

The uncontrolled search path element enables attackers to place malicious libraries in locations where the system will load them instead of legitimate libraries, effectively hijacking the execution flow. 

This type of attack vector is especially dangerous because it can occur without user interaction and affects the confidentiality, integrity, and availability of the targeted system with high impact ratings across all three categories.

Risk Factors	Details
Affected Products	IBM i versions 7.2, 7.3, 7.4, 7.5IBM Facsimile Support for i (5798-FAX)
Impact	Privilege escalation
Exploit Prerequisites	– User account with program compilation or restoration capabilities- Low-level privileges (PR:L)- Network access to target system- No user interaction required
CVSS 3.1 Score	8.8 (High)

Affected Systems

The vulnerability impacts four major IBM i releases: versions 7.2, 7.3, 7.4, and 7.5, representing a substantial portion of active IBM i installations in enterprise environments. 

IBM Facsimile Support for i, identified by product code 5798-FAX, is the specific component containing the vulnerability. 

This component functions as a skip ship product that can be installed across all affected releases, amplifying the potential scope of exploitation.

The enterprise impact extends beyond individual system compromise, as IBM i systems typically serve as critical infrastructure components in many organizations. 

Successful privilege escalation could enable attackers to access sensitive business data, modify system configurations, or establish persistent access for future attacks. 

IBM has released PTF SJ06024 for product 5798-FAX to address the vulnerability across all affected IBM i releases. 

Organizations can download the patch through IBM’s Fix Central portal or the direct PTF download link provided in the security bulletin. 

The patch addresses the unqualified library call issue by implementing proper path validation and library resolution controls.

IBM strongly recommends immediate deployment of PTF SJ06024 across all affected systems, as no workarounds or mitigations exist for this vulnerability. 

Organizations running unsupported IBM i versions should prioritize upgrading to supported releases and applying the security fix. 

Given the high CVSS score and potential for remote exploitation, this vulnerability should be treated as a critical security priority requiring expedited patch deployment.

Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now 

The post IBM i Vulnerability Allows Let Attackers Escalate Privileges appeared first on Cyber Security News.