IBM has issued a security advisory addressing a high-severity vulnerability in IBM i, its integrated operating system for Power Systems, which could allow a user to gain elevated privileges by exploiting an unqualified library call in the IBM Facsimile Support for i component.
The flaw, tracked as CVE-2025-36004, carries a CVSS v3.1 base score of 8.8, placing it in the high-severity range.
“IBM i could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege,” IBM stated in its bulletin.
The vulnerability impacts the following versions of IBM i:
- IBM i 7.5
- IBM i 7.4
- IBM i 7.3
- IBM i 7.2
The vulnerability arises from the way library calls are handled within IBM Facsimile Support for i. On IBM i, a call that names an object without its library is resolved through the job's library list, so an unqualified call can load and execute user-controlled code with elevated privileges, potentially giving an attacker full administrative control over the system.
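The same class of weakness can be audited for in locally written CL source. The following is an added example, not code from IBM or from the advisory: a small Python scanner that flags CALL statements whose target program is unqualified or qualified only with *LIBL or *CURLIB. The sample source and every program and library name in it are constructed and hypothetical.

```python
import re

# CALL in keyword form, CALL PGM(X), or positional form, CALL X.
# Group "lib" is set only when the program name carries a library qualifier.
CALL_RE = re.compile(
    r"\bCALL\s+(?:PGM\(\s*)?(?:(?P<lib>[*&A-Z0-9_#@$]+)/)?(?P<pgm>[&A-Z0-9_#@$]+)",
    re.IGNORECASE,
)
COMMENT_RE = re.compile(r"/\*.*?\*/")

# Special values that are still resolved through the job's library list.
LIST_DEPENDENT = {"*LIBL", "*CURLIB"}


def find_unqualified_calls(source):
    """Return (line number, reference, reason) for each CALL whose target
    program is resolved through the library list instead of a fixed library."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = COMMENT_RE.sub("", line)  # ignore single-line CL comments
        for match in CALL_RE.finditer(code):
            lib = (match.group("lib") or "").upper()
            pgm = match.group("pgm").upper()
            if not lib:
                findings.append((lineno, pgm, "unqualified"))
            elif lib in LIST_DEPENDENT:
                findings.append((lineno, f"{lib}/{pgm}", "library-list"))
    return findings


# Constructed sample CL source; every program and library name is hypothetical.
SAMPLE_CL = """\
PGM
  /* CALL PGM(OLDPGM) retired */
  CALL PGM(FAXSEND) PARM(&DOC)
  CALL PGM(*LIBL/FAXCVT)
  CALL PGM(APPLIB/FAXLOG) PARM(&DOC)
  CALL FAXDONE
ENDPGM
"""

if __name__ == "__main__":
    for lineno, ref, reason in find_unqualified_calls(SAMPLE_CL):
        print(f"line {lineno}: {ref} ({reason})")
```

A hit marks a statement for review; it matters most in programs that run with more authority than the user who invokes them.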
IBM has released a Program Temporary Fix (PTF) to address the issue across all affected versions. The fix is part of product 5798-FAX, which is installable on IBM i versions 7.2 through 7.5.
The patch can be obtained via IBM’s support portal using the PTF number SJ06024.
Organizations running IBM i are strongly urged to apply the fix immediately, especially in multi-user or shared environments where the risk of internal privilege escalation is significant.