CVE-2025-36004 is a vulnerability categorized under CWE-427 (Uncontrolled Search Path Element) impacting IBM i operating system versions 7.2, 7.3, 7.4, and 7.5. The root cause is an unqualified library call within the IBM Facsimile Support for i component, which allows an attacker with limited privileges to influence the search path used by the system to load libraries. By manipulating this path, an attacker can cause the system to load and execute malicious code with elevated administrator privileges. This elevation of privilege can lead to full system compromise. The vulnerability is remotely exploitable without user interaction, increasing its risk profile. The CVSS v3.1 base score of 8.8 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and only requiring low privileges. No public exploits are known yet, but the potential for serious damage is significant given the administrative access gained. The vulnerability highlights the risks of improper library path handling in critical system components and the importance of secure coding practices in system-level software.

The exploitation of CVE-2025-36004 can have severe consequences for organizations globally. Attackers gaining administrator privileges can fully control affected IBM i systems, leading to unauthorized data access, data manipulation, or destruction. This can disrupt business operations, compromise sensitive information, and potentially allow attackers to pivot to other network segments. Given IBM i's widespread use in industries such as finance, manufacturing, and government, the impact could extend to critical infrastructure and essential services. The vulnerability threatens confidentiality by exposing sensitive data, integrity by allowing unauthorized changes, and availability by enabling denial-of-service or system sabotage. The ease of exploitation and high privileges gained make this a critical risk for organizations relying on IBM i environments, especially those with facsimile support enabled.

To mitigate CVE-2025-36004, organizations should: 1) Immediately audit and restrict user permissions to minimize the number of users with access to facsimile support components. 2) Implement strict controls on library search paths, ensuring only trusted directories are included and unqualified library calls are avoided. 3) Monitor system logs and library load activities for anomalies indicative of path manipulation or unauthorized code execution attempts. 4) Apply any IBM-issued patches or updates promptly once they become available. 5) Consider disabling IBM Facsimile Support for i if it is not required, reducing the attack surface. 6) Conduct regular security assessments and code reviews focusing on library path handling in custom and third-party software. 7) Employ application whitelisting and integrity monitoring to detect unauthorized changes to system libraries. These targeted actions go beyond generic advice by focusing on the specific root cause and attack vector of this vulnerability.