IBM i Vulnerability Exposes System to Privilege Escalation Attacks

IBM has issued an urgent security bulletin addressing a high-severity privilege escalation vulnerability (CVE-2025-36004) in IBM i’s Facsimile Support component.

The flaw, scored 8.8 on the CVSS v3.1 scale, allows attackers with program compilation or restoration capabilities to execute arbitrary code with administrator privileges.

This vulnerability stems from an unqualified library call (CWE-427) in IBM Facsimile Support for i (5798-FAX), enabling malicious actors to hijack library search paths and escalate privileges.

Affected Systems and Remediation

The vulnerability impacts IBM i releases 7.2, 7.3, 7.4, and 7.5. IBM has released a Program Temporary Fix (PTF) SJ06024 to resolve the issue.

Administrators must apply this PTF immediately via IBM Fix Central:

  • Download Link: SJ06024 for IBM i 7.2-7.5.

No workarounds or mitigations exist, making patching critical. IBM emphasizes that unsupported releases will not be fixed and remain permanently vulnerable, so they should be upgraded.

Technical Mechanism and Risks

The weakness is an uncontrolled library search path: library calls within IBM Facsimile Support are issued without qualifying the library (CWE-427), so the called program is resolved through the search path rather than from a fixed location.

When a user compiles or restores a program, the system fails to validate where the called code is loaded from, allowing an attacker who controls an earlier location in that search path to have their own code executed instead.

Successful exploitation grants root-equivalent privileges, enabling complete system compromise.
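The unqualified-call weakness described above is something defenders can audit for in their own CL code. The following is an added example, not code from IBM or from the advisory: a small lint that flags CL CALL statements whose target program is resolved at run time through the job's library list (no library, or *LIBL/*CURLIB) instead of an explicitly named library. The CL sample and its program names are constructed; QSYS/QCMDEXC is a real system program used only as the qualified counter-example.

```python
import re
# CL CALL syntax: positional `CALL name` or keyword `CALL PGM(name)`, optionally
# prefixed by a label (`RETRY:`); the program may be qualified as `LIB/NAME`.
CALL_RE = re.compile(
    r"^\s*(?:\w+:\s*)?CALL\s+(?:PGM\()?\s*(?:(?P<lib>[*\w]+)/)?(?P<pgm>[&\w]+)",
    re.IGNORECASE,
)

def _logical_lines(source):
    """Yield (first_line_no, text), joining CL continuation lines ending in + or -."""
    buf, start = [], None
    for no, line in enumerate(source.splitlines(), 1):
        line = line.rstrip()
        start = no if start is None else start
        if line.endswith(("+", "-")):
            buf.append(line[:-1])
            continue
        yield start, " ".join(buf + [line])
        buf, start = [], None

def find_unqualified_calls(source):
    """Return (line, program, reason) for every CALL whose target is resolved at run
    time via the job's library list or current library (CWE-427 exposure)."""
    reasons = {"": "unqualified, resolved via *LIBL",
               "*LIBL": "explicit *LIBL, resolved via library list",
               "*CURLIB": "*CURLIB, depends on the job's current library"}
    findings = []
    for no, text in _logical_lines(source):
        m = CALL_RE.match(re.sub(r"/\*.*?\*/", " ", text))  # strip CL comments first
        lib = (m.group("lib") or "").upper() if m else None
        if lib in reasons:
            findings.append((no, m.group("pgm").upper(), reasons[lib]))
    return findings

# Constructed CL source for the demonstration; the program names are made up.
SAMPLE_CL = """\
             PGM
             DCL        VAR(&MSG) TYPE(*CHAR) LEN(80)
             CALL       PGM(SENDRPT) PARM(&MSG)        /* resolved via *LIBL */
             CALL       PGM(*LIBL/WRTLOG)              /* explicit *LIBL, same exposure */
             CALL       PGM(*CURLIB/RPTUTIL)           /* depends on current library */
             CALL       PGM(QSYS/QCMDEXC) +
                          PARM('DSPLIBL' 7)            /* fully qualified, not reported */
RETRY:       CALL       RETRYSND                       /* positional form, unqualified */
             ENDPGM
"""
if __name__ == "__main__":
    for line_no, pgm, reason in find_unqualified_calls(SAMPLE_CL):
        print(f"line {line_no}: CALL {pgm}: {reason}")
```

Running it against the constructed sample reports the four library-list-dependent calls and leaves the QSYS-qualified call alone; the same scan can be pointed at exported source members of any CL program you maintain.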

This flaw mirrors earlier vulnerabilities like CVE-2023-43064, which similarly exploited unqualified calls in fax components.

Broader Security Context

This bulletin follows multiple critical IBM i vulnerabilities patched in 2024-2025, including:

  • CVE-2025-33103: Privilege escalation in TCP/IP Utilities (CVSS 8.5).
  • CVE-2024-0760: ISC BIND denial-of-service flaw (CVSS 7.5).
  • CVE-2023-4759: Code execution via Eclipse JGit (CVSS 8.8).

Silent Signal researcher Zoltan Panczel reported CVE-2025-36004, highlighting ongoing risks in legacy IBM components.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
