CVE-2025-36119: CWE-290 Authentication Bypass by Spoofing
IBM i 7.3, 7.4, 7.5, and 7.6 are affected by a web session hijacking vulnerability in IBM Digital Certificate Manager for i (DCM) that allows an authenticated user to obtain elevated privileges. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.
AI Analysis
Technical Summary
CVE-2025-36119 is an authentication bypass vulnerability categorized under CWE-290 that affects IBM i operating system versions 7.3, 7.4, 7.5, and 7.6. The vulnerability resides in the IBM Digital Certificate Manager for i (DCM), a component responsible for managing digital certificates and cryptographic keys. An attacker who is already authenticated with low-level privileges can exploit a web session hijacking flaw to elevate their privileges to administrator level within DCM. This elevation allows the attacker to perform administrative actions such as managing certificates, potentially compromising the cryptographic integrity of the system. The vulnerability arises due to improper session management and insufficient verification of user privileges during web interactions with DCM. Exploitation does not require user interaction beyond initial authentication but does require the attacker to have some authenticated access. The CVSS v3.1 base score is 7.1, reflecting high impact on confidentiality and integrity, moderate impact on availability, and a requirement for low privileges and high attack complexity. No public exploits are known at this time, and IBM has not yet released patches, though the vulnerability is publicly disclosed and assigned a CVE identifier. Organizations using affected IBM i versions should monitor for updates and consider interim mitigations to protect their DCM environments.
Potential Impact
The impact of CVE-2025-36119 is significant for organizations using IBM i systems with IBM Digital Certificate Manager. By allowing an authenticated user with limited privileges to escalate to administrator level, attackers can manipulate digital certificates and cryptographic keys, undermining the trust model of secure communications and authentication within the organization. This can lead to unauthorized issuance or revocation of certificates, interception or decryption of sensitive data, and disruption of secure services. The compromise of certificate management can have cascading effects on other systems relying on these certificates for authentication and encryption. Additionally, administrative control over DCM could allow attackers to persist within the environment and evade detection. Given the widespread use of IBM i in industries such as finance, manufacturing, and government, the vulnerability poses a risk to critical infrastructure and sensitive data protection globally. Although no known exploits are reported, the potential for targeted attacks is high, especially in environments where IBM i systems are integral to business operations.
Mitigation Recommendations
To mitigate CVE-2025-36119, organizations should take the following specific actions:
1) Monitor IBM’s official channels closely for the release of security patches addressing this vulnerability and apply them promptly upon availability.
2) Restrict access to IBM Digital Certificate Manager interfaces to only trusted and necessary users, employing network segmentation and access control lists to limit exposure.
3) Implement enhanced session management controls such as enforcing secure cookies, using HTTPS exclusively, and monitoring for anomalous session behavior to detect potential hijacking attempts.
4) Audit and review user privileges regularly to ensure that only authorized personnel have access to DCM and that low-privilege users are minimized.
5) Deploy multi-factor authentication (MFA) for all users accessing IBM i systems and DCM to reduce the risk of credential compromise.
6) Enable detailed logging and real-time monitoring of DCM administrative actions to detect unauthorized privilege escalations quickly.
7) Consider temporary compensating controls such as disabling web access to DCM if feasible until patches are applied.
These steps go beyond generic advice by focusing on session security, access restriction, and proactive monitoring tailored to the nature of this vulnerability.
Affected Countries
United States, Japan, Germany, United Kingdom, Canada, Australia, France, Netherlands, Italy, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:17.124Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68960aacad5a09ad000490a3
Added to database: 8/8/2025, 2:33:16 PM
Last enriched: 2/27/2026, 1:45:14 AM
Last updated: 3/24/2026, 10:45:25 PM