
CVE-2025-36367: CWE-862 Missing Authorization

Severity: High
Tags: Vulnerability, CVE-2025-36367, cve, cve-2025-36367, cwe-862
Published: Sat Nov 01 2025 (11/01/2025, 12:01:31 UTC)
Source: CVE Database V5
Vendor/Project: IBM

Description

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system.

AI-Powered Analysis

Last updated: 11/10/2025, 01:46:24 UTC

Technical Analysis

CVE-2025-36367 is classified under CWE-862 (Missing Authorization) and affects IBM i operating system versions 7.2 through 7.6. The root cause is an invalid authorization check within IBM i SQL services, which fails to properly verify the privileges of the requesting user. An attacker who already has some level of access can use the elevated privileges of another user profile to escalate to root level on the host operating system. The vulnerability can be exploited remotely over the network (CVSS vector AV:N) with low attack complexity (AC:L); the attacker must hold some privileges (PR:L), but no additional authentication or user interaction is needed. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning an attacker can fully compromise the system, access sensitive data, modify or delete data, and disrupt system operations.

Although no known exploits are currently reported in the wild, the vulnerability's nature and severity make it a critical risk for organizations relying on IBM i systems. IBM i is widely used in enterprise environments for critical business applications, especially in industries such as finance, manufacturing, and logistics. Exploitation could lead to complete system takeover, data breaches, and operational disruptions.

Potential Impact

For European organizations, the impact of CVE-2025-36367 is substantial due to the critical role IBM i systems play in enterprise IT environments. Successful exploitation results in root-level access, enabling attackers to bypass all security controls, access sensitive business data, manipulate or destroy data, and disrupt critical services. This can lead to severe financial losses, reputational damage, and regulatory non-compliance, particularly under GDPR requirements for data protection. The vulnerability's network exploitability increases the risk of remote attacks, potentially affecting distributed environments and cloud-connected IBM i instances. Organizations in sectors such as banking, manufacturing, telecommunications, and government services are particularly vulnerable, as they often rely on IBM i for core business processes. The lack of known exploits in the wild provides a window for proactive mitigation, but the high severity demands urgent attention to prevent potential targeted attacks.

Mitigation Recommendations

1. Monitor IBM's official security advisories closely and apply patches or updates as soon as they become available to address CVE-2025-36367.
2. Until patches are released, restrict access to IBM i SQL services to only trusted and necessary users and systems, using network segmentation and firewall rules.
3. Implement strict access controls and least privilege principles for all user profiles on IBM i systems to minimize the risk of privilege escalation.
4. Enable detailed logging and monitoring of SQL service usage and privilege escalation attempts to detect suspicious activities early.
5. Conduct regular security audits and vulnerability assessments focused on IBM i environments to identify and remediate potential weaknesses.
6. Educate system administrators and security teams about this vulnerability and the importance of rapid response.
7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous IBM i SQL service behavior.
8. Review and harden IBM i system configurations, disabling unnecessary services and interfaces to reduce the attack surface.


Technical Details

Data Version: 5.2
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:55.332Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6905f7d9b1eaf3d2f0fca9cf

Added to database: 11/1/2025, 12:06:49 PM

Last enriched: 11/10/2025, 1:46:24 AM

Last updated: 12/16/2025, 5:07:55 PM
