CVE-2025-36119

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7241008

Configurations

No configuration.

History

08 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-08 15:15

Updated : 2025-08-08 20:30

NVD link : CVE-2025-36119

Mitre link : CVE-2025-36119

CVE.ORG link : CVE-2025-36119

JSON object : View

Products Affected

No product.

CWE

CWE-290

Authentication Bypass by Spoofing

7.1 /10