CVE-2025-36367

Summary

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

Affected Software

VendorProductVersion RangeStatus
IBMi7.6affected
IBMi7.5affected
IBMi7.4affected
IBMi7.3affected
IBMi7.2affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References