CVE-2025-36367

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36367
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7249915
Configurations

No configuration.

History

01 Nov 2025, 13:15

Type Values Removed Values Added
Summary (en) IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check.  A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system. (en) IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

01 Nov 2025, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-01 12:15

Updated : 2025-11-04 15:41

NVD link : CVE-2025-36367

Mitre link : CVE-2025-36367

CVE.ORG link : CVE-2025-36367

JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization