CVE-2025-36119 is a high-severity authentication bypass vulnerability affecting IBM i operating system versions 7.3, 7.4, 7.5, and 7.6. The vulnerability resides in the IBM Digital Certificate Manager for i (DCM) component, which is responsible for managing digital certificates and cryptographic keys on IBM i systems. Specifically, the flaw allows an authenticated user with limited privileges to escalate their privileges to administrator level by exploiting a web session hijacking vulnerability. This means that an attacker who has valid user credentials but lacks administrative rights can manipulate or spoof web session tokens or identifiers to impersonate an administrator within the DCM interface. The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing), indicating that the authentication mechanism can be circumvented through session manipulation. The CVSS 3.1 base score is 7.1, reflecting a high severity with network attack vector, high attack complexity, low privileges required, no user interaction, and impacts on confidentiality and integrity with limited availability impact. Although no known exploits are currently reported in the wild, the potential for privilege escalation to administrator level poses significant risk. The absence of published patches at the time of reporting suggests that affected organizations need to implement interim mitigations and monitor IBM advisories closely. Given the critical role of DCM in managing cryptographic assets, exploitation could lead to unauthorized certificate issuance, key compromise, and broader system trust violations.

For European organizations utilizing IBM i systems in versions 7.3 through 7.6, this vulnerability presents a substantial risk. The ability for a non-administrative authenticated user to escalate privileges within the Digital Certificate Manager undermines the security of cryptographic operations, potentially allowing unauthorized issuance or revocation of digital certificates. This can compromise secure communications, authentication mechanisms, and data integrity across enterprise applications relying on these certificates. Confidentiality is at high risk as attackers could access sensitive cryptographic material or manipulate certificate-based authentication. Integrity is also heavily impacted since attackers could alter certificate configurations or inject malicious certificates, leading to trust chain failures or man-in-the-middle attacks. Availability impact is lower but still present if administrative functions are disrupted. European organizations in sectors such as finance, government, healthcare, and critical infrastructure that rely on IBM i for backend processing and cryptographic management are particularly vulnerable. The vulnerability could facilitate lateral movement within networks, data breaches, and regulatory compliance violations under GDPR and other data protection laws. The lack of known exploits currently provides a window for mitigation, but the high severity score and ease of exploitation by authenticated users necessitate urgent attention.

1. Immediate mitigation should include restricting access to IBM Digital Certificate Manager interfaces to only trusted and necessary personnel, enforcing strict access controls and network segmentation to limit exposure. 2. Implement enhanced monitoring and logging of DCM administrative activities to detect anomalous privilege escalations or session anomalies indicative of hijacking attempts. 3. Employ multi-factor authentication (MFA) for all users accessing IBM i systems and specifically the DCM interface to reduce risk from compromised credentials. 4. Regularly review and audit user privileges to ensure the principle of least privilege is enforced, removing unnecessary access rights. 5. Apply any IBM-issued patches or security updates as soon as they become available. 6. Consider deploying web application firewalls or session management controls that can detect and block session hijacking attempts. 7. Educate users about secure session handling and the risks of session token exposure. 8. Conduct penetration testing focused on session management and privilege escalation vectors within IBM i environments to proactively identify weaknesses. These steps go beyond generic advice by focusing on session security, access control tightening, and proactive detection tailored to the IBM i DCM context.