CVE-2025-36004 | THREATINT

Description

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-25 | Updated 2026-02-26 | Assigner ibm

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

unaffected

7.2

affected

7.3

affected

7.4

affected

7.5

affected

Credits

Zoltan Panczel finder

References

www.ibm.com/support/pages/node/7237732 vendor-advisory patch

cve.org (CVE-2025-36004)

nvd.nist.gov (CVE-2025-36004)

Download JSON