CVE-2025-36137

Published: Oct 30, 2025Modified: Dec 12, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.

Affected (9)

Products: Ibm: Sterling Connect\

Ibm

1 product

Sterling Connect\

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling Connect\	From 6.2.0.7 to 6.2.0.9
Ibm Sterling Connect\	From 6.3.0.2 to 6.3.0.5
Ibm Sterling Connect\	From 6.4.0.0 to 6.4.0.2
Ibm Sterling Connect\	Version direct 6.2.0.9
Ibm Sterling Connect\	Version direct 6.2.0.9
Ibm Sterling Connect\	Version direct 6.3.0.5
Ibm Sterling Connect\	Version direct 6.3.0.5
Ibm Sterling Connect\	Version direct 6.4.0.2
Ibm Sterling Connect\	Version direct 6.4.0.2

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://www.ibm.com/support/pages/node/7249678

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.