CVE-2025-36004: CWE-427 Uncontrolled Search Path Element
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.
AI Analysis
Technical Summary
CVE-2025-36004 is a high-severity vulnerability affecting IBM i operating system versions 7.2, 7.3, 7.4, and 7.5. The vulnerability arises from an uncontrolled search path element (CWE-427) in the IBM Facsimile Support for i component. Specifically, the issue is due to an unqualified library call, which means that the system does not properly specify the full path when loading libraries or executables. This flaw allows a malicious actor with limited privileges to influence the search path and cause the system to load and execute user-controlled code instead of the intended trusted library. Consequently, this can lead to privilege escalation, enabling the attacker to execute arbitrary code with administrator-level privileges on the affected IBM i system. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required. Although no known exploits are currently reported in the wild, the vulnerability's nature and severity make it a critical concern for organizations relying on IBM i platforms, especially those using the Facsimile Support feature. The vulnerability could be exploited remotely by an authenticated user with limited privileges, making it a significant risk for insider threats or compromised accounts. The lack of a published patch at the time of disclosure necessitates immediate attention to mitigate potential exploitation.
Potential Impact
For European organizations, the impact of CVE-2025-36004 can be substantial, particularly for enterprises and public sector entities that utilize IBM i systems for critical business operations, such as banking, manufacturing, logistics, and government services. Successful exploitation could lead to full system compromise, allowing attackers to access sensitive data, disrupt services, or deploy further malware. The elevated privileges gained could bypass existing security controls, leading to data breaches or operational downtime. Given the IBM i platform's role in handling transactional and legacy applications, exploitation could also affect data integrity and availability, potentially causing significant financial and reputational damage. Furthermore, the vulnerability could be leveraged in targeted attacks or insider threat scenarios, increasing the risk profile for organizations with complex IT environments. The absence of known exploits currently provides a window for proactive defense, but the high severity score indicates that organizations should prioritize mitigation to prevent future exploitation attempts.
Mitigation Recommendations
To mitigate CVE-2025-36004 effectively, European organizations should take the following specific actions:
1) Immediately review and restrict access to IBM Facsimile Support for i, disabling or uninstalling the component if it is not essential to business operations.
2) Implement strict library path controls by ensuring that all library calls in custom or third-party applications specify absolute paths to prevent unqualified library loading.
3) Enforce the principle of least privilege by auditing user permissions on IBM i systems, removing unnecessary administrative rights, and monitoring for anomalous privilege escalations.
4) Apply any available IBM security advisories or patches as soon as they are released; in the absence of patches, consider temporary compensating controls such as application whitelisting or enhanced logging and alerting on suspicious library load activities.
5) Conduct regular security assessments and penetration testing focused on privilege escalation vectors within IBM i environments.
6) Educate system administrators and security teams about this vulnerability to ensure rapid detection and response to potential exploitation attempts.
7) Utilize network segmentation and access controls to limit exposure of IBM i systems to untrusted networks or users.
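An added audit check for recommendation 2, written for this page and not taken from the advisory or from IBM: it scans CL source for CALL commands whose program is resolved through the library list (a bare name, *LIBL or *CURLIB) rather than a qualified LIBRARY/OBJECT reference. The CL source and program names are constructed for illustration, and the scanner assumes one CL command per line.

```python
import re

# Matches CALL ... PGM(<ref>) in CL source. The reference may be LIB/PGM,
# *LIBL/PGM, *CURLIB/PGM or a bare PGM name (resolved via the library list).
CALL_RE = re.compile(r"\bCALL\b[^\n]*?\bPGM\(\s*([^\s)]+)\s*\)", re.IGNORECASE)
LIBRARY_LIST_QUALIFIERS = {"*LIBL", "*CURLIB"}


def classify(pgm_ref):
    """Return 'qualified', 'libl' or 'unqualified' for a CL program reference."""
    if "/" in pgm_ref:
        lib, _, _obj = pgm_ref.partition("/")
        if lib.upper() in LIBRARY_LIST_QUALIFIERS:
            return "libl"          # explicit, but still resolved via the library list
        return "qualified"         # LIBRARY/OBJECT: search path is not consulted
    return "unqualified"           # bare name: resolved via *LIBL


def find_unqualified_calls(cl_source):
    """Return (line_no, reference, verdict) for every CALL that depends on the library list."""
    findings = []
    for no, line in enumerate(cl_source.splitlines(), start=1):
        code = line.split("/*", 1)[0]          # drop trailing CL comments
        for m in CALL_RE.finditer(code):
            ref = m.group(1).upper()
            verdict = classify(ref)
            if verdict != "qualified":
                findings.append((no, ref, verdict))
    return findings


# Constructed sample CL program (not real IBM code) for the scanner to check.
SAMPLE_CL = """\
             PGM
             DCL        VAR(&RC) TYPE(*CHAR) LEN(1)
             CALL       PGM(FAXLIB/SENDFAX) PARM(&RC)   /* qualified: safe */
             CALL       PGM(FMTPAGE)                   /* bare name: via *LIBL */
             CALL       PGM(*LIBL/LOGMSG)              /* explicit library list */
             CALL       PGM(*CURLIB/CLEANUP)           /* current library */
             ENDPGM
"""

if __name__ == "__main__":
    for line_no, ref, verdict in find_unqualified_calls(SAMPLE_CL):
        print(f"line {line_no}: {ref} ({verdict})")
```

Run against the constructed source, the scanner flags lines 4, 5 and 6 while the qualified FAXLIB/SENDFAX call on line 3 passes.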
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:05.532Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 685b673066faf0c1de3b986a
Added to database: 6/25/2025, 3:04:16 AM
Last enriched: 8/25/2025, 12:40:38 AM
Last updated: 10/1/2025, 4:00:57 PM