CVE-2025-36367: CWE-862 Missing Authorization
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 are vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.
AI Analysis
Technical Summary
CVE-2025-36367 is a high-severity vulnerability in IBM i 7.2 through 7.6 caused by an invalid authorization check in IBM i SQL services (the Db2 for i views, functions and procedures that expose system information and administration through SQL). Because the check is missing, a user with limited privileges can act with the elevated privileges of another user profile and escalate to root-level access on the host operating system. The weakness is classed as CWE-862 (Missing Authorization): the service performs a privileged operation without verifying that the caller is authorized to perform it.

The CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, for a base score of 8.8. That is High, not Critical (Critical starts at 9.0); the earlier "critical" label on this entry overstated it. The vector means the flaw is reachable over the network, has low attack complexity, needs only a low-privileged user profile and no user interaction, leaves scope unchanged, and has high impact on confidentiality, integrity and availability, since an attacker who reaches root can read, modify or delete any data and disrupt services. The PR:L requirement matters in practice: the attacker must already hold a valid IBM i profile and a path to SQL (ODBC/JDBC through the database host servers, ACS Run SQL Scripts, interactive SQL, or an application that runs SQL on the user's behalf), so realistic actors are insiders and attackers who have already obtained credentials.

No exploitation in the wild had been reported when this entry was written, and the entry carries no patch link, so treat remediation status as unknown and confirm it against IBM's own security bulletin rather than this page. IBM i is widely deployed in finance, manufacturing and government, where it usually holds the organization's core transactional data, which is why an authorization flaw in a generic SQL path is worth treating as urgent even without a public exploit.
Potential Impact
For European organizations the impact is significant because IBM i is common in banking, manufacturing, telecommunications and government. Successful exploitation gives root access and therefore full control of the system: unauthorized disclosure of data, tampering with records, service disruption and a foothold for lateral movement into the surrounding network. Because the vulnerability requires a valid low-privileged profile (PR:L), the most likely actors are insiders and attackers who have already obtained credentials, for example through phishing or a compromised application account with database access. Loss of confidentiality or integrity on a system of record can breach GDPR and sector data-protection obligations and expose the organization to regulatory and financial penalties, while an availability impact can halt core business processes and critical-infrastructure services. Organizations with interconnected supply chains are exposed to cascading effects if a partner's IBM i system is compromised.
Mitigation Recommendations
1. Track IBM's security bulletin for CVE-2025-36367 and apply the fixing PTFs for each affected release (7.2 through 7.6) as soon as they are published. This page carries no patch link, so verify status with IBM directly rather than assuming a fix is pending.
2. Until the fix is applied, restrict who can open SQL sessions: limit the database host servers (ODBC, JDBC, .NET, ACS) to the profiles that need them with function usage (QIBM_DB_ZDA) and, where deployed, exit-point programs, and keep the host server ports reachable only from the networks that need them.
3. Audit user profiles and remove unnecessary special authorities (*ALLOBJ, *SECADM, *JOBCTL and similar). The fewer profiles that carry elevated authority, the less there is for a missing-authorization flaw to borrow.
4. Turn on security auditing (QAUDJRN, with at least *AUTFAIL and *SECURITY in QAUDLVL) and review authority failures and profile or authority changes that originate from SQL server jobs (QZDASOINIT, QSQSRVR).
5. Forward those audit journal entries and host server connection records to the SIEM/IDS and alert on low-privileged profiles invoking administrative SQL services or acquiring authority they did not previously hold.
6. Include IBM i in regular security assessments and penetration tests; most generic tooling and scanners ignore it.
7. Brief administrators and SOC staff on this vulnerability and on what an IBM i privilege-escalation indicator looks like, so the response is quick when one appears.
8. Where available, use exit-point programs on the database server exit points (or a third-party exit-point security product) to allow only approved statements and callers; that is the IBM i equivalent of application allow-listing for SQL access.
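The checks behind recommendations 1 to 4, as an added example that is not IBM's code and is not part of the original advisory. It assumes the IBM i Services named in the comments exist on your release with the listed column names (they are documented IBM i Services, but verify the columns against your release's documentation before relying on a query) and that IBM delivers the fix as PTFs. Nothing here exercises the vulnerability itself; the queries only show who holds what.

```sql
-- Added example (not IBM's code, not from the advisory above).
-- Review queries against IBM i Services that ship with Db2 for i.
-- Assumption: column names match the IBM documentation for your release
-- (QSYS2.USER_INFO, QSYS2.FUNCTION_INFO, QSYS2.FUNCTION_USAGE,
-- SYSTOOLS.GROUP_PTF_CURRENCY). Run from ACS Run SQL Scripts, STRSQL, or
-- any ODBC/JDBC client with a profile allowed to read these services.

-- (a) Enabled profiles holding the special authorities an authorization
--     bypass would be most valuable for. Review every row: a profile that
--     only runs reports has no business carrying *ALLOBJ.
SELECT AUTHORIZATION_NAME,
       USER_CLASS_NAME,
       SPECIAL_AUTHORITIES,
       GROUP_PROFILE_NAME,
       PREVIOUS_SIGNON
  FROM QSYS2.USER_INFO
 WHERE STATUS = '*ENABLED'
   AND (SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
        OR SPECIAL_AUTHORITIES LIKE '%*SECADM%'
        OR SPECIAL_AUTHORITIES LIKE '%*JOBCTL%')
 ORDER BY AUTHORIZATION_NAME;

-- (b) Who can reach SQL remotely. QIBM_DB_ZDA gates the database host
--     servers (ODBC, JDBC, .NET, ACS); QIBM_DB_SQLADM and QIBM_DB_SECADM
--     gate administrative SQL services. DEFAULT_USAGE = '*ALLOWED' with no
--     explicit user rows means every valid profile may connect. Tighten
--     with CHGFCNUSG (or Application Administration in ACS/Navigator) to a
--     *DENIED default plus named *ALLOWED users. This does not stop SQL run
--     locally, for example embedded SQL in a program, so it narrows the
--     exposure rather than removing it.
SELECT i.FUNCTION_ID,
       i.DEFAULT_USAGE,
       i.ALLOBJ_USAGE,
       u.USER_NAME,
       u.USER_TYPE,
       u.USAGE
  FROM QSYS2.FUNCTION_INFO i
  LEFT JOIN QSYS2.FUNCTION_USAGE u
    ON u.FUNCTION_ID = i.FUNCTION_ID
 WHERE i.FUNCTION_ID IN ('QIBM_DB_ZDA', 'QIBM_DB_SQLADM', 'QIBM_DB_SECADM')
 ORDER BY i.FUNCTION_ID, u.USER_NAME;

-- (c) PTF groups behind IBM's current level. If IBM ships the fix as PTFs
--     (assumed; the advisory carries no patch link) the affected group will
--     appear here until it is applied. This service fetches IBM's group
--     list over the network, so it needs outbound HTTPS from the partition.
SELECT PTF_GROUP_ID,
       PTF_GROUP_TITLE,
       PTF_GROUP_LEVEL_INSTALLED,
       PTF_GROUP_LEVEL_AVAILABLE
  FROM SYSTOOLS.GROUP_PTF_CURRENCY
 WHERE PTF_GROUP_LEVEL_INSTALLED < PTF_GROUP_LEVEL_AVAILABLE
 ORDER BY PTF_GROUP_ID;
```

Run (a) and (b) before tightening to capture a baseline, then again afterwards to confirm the change took. Query (c) only reports group currency; for the specific fixing PTF, take the PTF numbers from IBM's bulletin and check them with DSPPTF or QSYS2.PTF_INFO.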
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:55.332Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 11/1/2025, 12:06:49 PM
Last enriched: 11/1/2025, 12:07:06 PM
Last updated: 11/1/2025, 3:46:31 PM