High Published: Aug 08, 2025 Modified: Aug 15, 2025

CVE-2025-36119

7.1 CVSS Score

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Description

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability Low

Affected Software Configurations

o ibm i 7.3 * * * * * * *
o ibm i 7.4 * * * * * * *
o ibm i 7.5 * * * * * * *
o ibm i 7.6 * * * * * * *

Weaknesses (CWE)

CWE-290

References & External Links

https://www.ibm.com/support/pages/node/7241008

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker