CVE-2025-36004: CWE-427 Uncontrolled Search Path Element

Severity: High
Tags: Vulnerability, CVE-2025-36004, cve, cve-2025-36004, cwe-427
Published: Wed Jun 25 2025 (06/25/2025, 02:32:40 UTC)
Source: CVE Database V5
Vendor/Project: IBM

Description

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

AI-Powered Analysis

Last updated: 06/25/2025, 03:19:26 UTC

Technical Analysis

CVE-2025-36004 is a high-severity vulnerability affecting IBM i operating system versions 7.2, 7.3, 7.4, and 7.5. The flaw is an uncontrolled search path element (CWE-427) in the IBM Facsimile Support for i component. It is caused by an unqualified library call: the component does not specify a fully qualified, trusted location when it loads a library or executable. A malicious actor who can influence the search path can therefore cause the system to load and execute user-controlled code instead of the intended trusted library. Because that code runs with administrator privileges, exploitation results in privilege escalation. The CVSS v3.1 score of 8.8 reflects the severity of this vulnerability: network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild yet, but the vulnerability's characteristics make it a significant risk, especially in environments where IBM i systems are used for critical business operations. The lack of patch links suggests that remediation may still be pending or that users must rely on vendor advisories for updates.

Potential Impact

For European organizations, the impact of CVE-2025-36004 can be substantial. IBM i systems are widely used in industries such as manufacturing, finance, logistics, and government agencies across Europe. Successful exploitation could lead to unauthorized administrative access, allowing attackers to manipulate sensitive data, disrupt business processes, or deploy further malware. The compromise of confidentiality could expose personal or financial data protected under GDPR, leading to regulatory penalties and reputational damage. Integrity violations could corrupt critical business data or system configurations, while availability impacts could cause operational downtime. Given the network attack vector and no requirement for user interaction, attackers could remotely exploit vulnerable systems, increasing the risk of widespread compromise in interconnected enterprise environments. The vulnerability's presence in multiple IBM i versions means that organizations running legacy or current systems are all at risk, particularly if they have not implemented strict library path controls or monitoring.

Mitigation Recommendations

To mitigate CVE-2025-36004 effectively, European organizations should:

1) Immediately audit IBM i systems to identify the presence and version of IBM Facsimile Support and verify if unqualified library calls are used.
2) Apply any available IBM patches or security updates as soon as they are released; monitor IBM security advisories closely.
3) Implement strict path validation and enforce the use of fully qualified library paths in system configurations and custom scripts to prevent loading untrusted code.
4) Restrict write permissions on directories and libraries involved in the facsimile support path to trusted administrators only, reducing the risk of malicious code placement.
5) Employ runtime application self-protection (RASP) or integrity monitoring tools to detect unauthorized changes or execution of unexpected binaries.
6) Conduct regular privilege audits and limit administrative privileges to the minimum necessary to reduce the attack surface.
7) Monitor network traffic and system logs for unusual activity indicative of exploitation attempts, such as unexpected process launches or privilege escalations.
8) Consider network segmentation to isolate IBM i systems from less trusted network zones, limiting exposure to external attackers.
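Recommendation 3 can be checked mechanically against site-owned CL source. The following is an added example, not code from IBM or from this advisory: it flags CALL commands whose program name is unqualified, or qualified only with *LIBL or *CURLIB, all of which depend on the job's library list or current library. The program and library names in the sample are constructed and do not refer to IBM Facsimile Support objects.

```python
import re

# Matches CALL PGM(LIB/PGM), CALL PGM(PGM) and the positional form CALL LIB/PGM.
CALL_RE = re.compile(
    r"\bCALL\s+(?:PGM\(\s*)?(?:([A-Z0-9_#@$*&]+)/)?([A-Z0-9_#@$&]+)")
COMMENT_RE = re.compile(r"/\*.*?\*/")   # single-line CL comments: /* ... */
SEARCHED = {"*LIBL", "*CURLIB"}         # special values that still use the search path


def audit_cl(source):
    """Return (line number, program, library) for each search-path-dependent CALL."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = COMMENT_RE.sub("", raw).upper()   # CL is case-insensitive
        for m in CALL_RE.finditer(line):
            lib, pgm = m.groups()
            if lib is None or lib in SEARCHED:
                findings.append((lineno, pgm, lib or "(none)"))
    return findings


# Constructed CL fragment; APPLIB, SENDFAX, FAXLOG and FAXCLEAN are hypothetical names.
SAMPLE = """\
PGM
CALL PGM(APPLIB/SENDFAX) PARM(&DOC)
CALL PGM(SENDFAX) PARM(&DOC)  /* unqualified */
/* CALL PGM(OLDPGM) */
call pgm(*LIBL/FAXLOG)
CALL FAXCLEAN
ENDPGM
"""

if __name__ == "__main__":
    for lineno, pgm, lib in audit_cl(SAMPLE):
        print(f"line {lineno}: CALL {pgm} depends on the search path (library: {lib})")
```

Findings from a scan like this are candidates for rewriting as `CALL PGM(library/program)` with a library that only trusted administrators can write to, which ties in with recommendation 4.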

Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:05.532Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 685b673066faf0c1de3b986a

Added to database: 6/25/2025, 3:04:16 AM

Last enriched: 6/25/2025, 3:19:26 AM

Last updated: 6/25/2025, 6:44:56 AM
