CVE-2025-36004: Unqualified Library Call Vulnerability in IBM i Facsimile Support

Overview

CVE-2025-36004 affects IBM i versions 7.2, 7.3, 7.4, and 7.5. An unqualified library call in IBM Facsimile Support for i could allow a user to gain elevated privileges. The vulnerability matters because a malicious actor could exploit it to run user-controlled code with administrator privileges, potentially leading to system compromise or data leakage. Both IBM i users and administrators need to be aware of this vulnerability and take the necessary steps to mitigate its risks.

Vulnerability Summary

CVE ID: CVE-2025-36004
Severity: High (8.8 CVSS Score)
Attack Vector: Local
Privileges Required: Low
User Interaction: Required
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

IBM i | 7.2
IBM i | 7.3
IBM i | 7.4
IBM i | 7.5

How the Exploit Works

The exploit takes advantage of an unqualified library call in IBM Facsimile Support for i. An unqualified library call is one where the program does not name the library that holds the object it calls, so the system resolves the name by searching the job's library list. This can lead to the wrong library being used, especially if a malicious user is aware of the vulnerability. In this case, the malicious user can insert their own library into the library list, and an object in that library would then be called instead of the intended one. This could allow the user to run their own code with elevated privileges.

Conceptual Example Code

Below is a conceptual example of how this type of vulnerability might be exploited. It uses IBM i CL commands to illustrate the point; MALICIOUS_LIB and IBM_FAX_FUNC are placeholder names, not real objects:

/* Add malicious library to the library list */
ADDLIBLE LIB(MALICIOUS_LIB)
/* Call function that has an unqualified library call */
CALL PGM(IBM_FAX_FUNC)

In this example, the `ADDLIBLE` command adds the malicious library to the library list. Then, when the `CALL` command runs a program that makes an unqualified library call, the system could resolve that call to the malicious library instead of the intended one. This could allow the malicious user to run their own code with elevated privileges.
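The defensive counterpart, as an added example that is not part of the original article or of any IBM code: a Python audit of your own CL source that reports every `CALL` whose program is resolved through the library list instead of being pinned to a library. It generalizes from the Facsimile Support case to any CL program; the sample source, the program and library names, and the status labels are constructed for illustration.

```python
import re

# Constructed CL source for illustration; program and library names are made up.
SAMPLE_CL = """\
PGM PARM(&DOC &LIB)
  /* CALL PGM(OLDPGM) appears only inside this comment */
  CALL PGM(FAXSEND) PARM(&DOC)
  CALL PGM(QGPL/FAXLOG)
  CALL PGM(*LIBL/FAXFMT) +
       PARM(&DOC)
  call pgm(&LIB/FAXRPT)
  CALL FAXDONE
ENDPGM
"""

COMMENT = re.compile(r"/\*.*?\*/", re.S)
# CALL with the program given as PGM(...) or positionally.
CALL = re.compile(r"\bCALL\s+(?:PGM\(\s*)?([^\s()]+)", re.I)
LIBLIST_VALUES = {"*LIBL", "*CURLIB"}


def classify(ref):
    """Say how the program reference is resolved at run time."""
    lib, sep, _ = ref.upper().rpartition("/")
    if not sep:
        return "unqualified"      # searched through the job's library list
    if lib in LIBLIST_VALUES:
        return "liblist"          # explicitly library-list resolved
    if lib.startswith("&"):
        return "variable"         # library chosen at run time: review by hand
    return "qualified"


def audit_cl(source):
    """Return (line, reference, status) for every CALL not pinned to a library."""
    # Blank out comments but keep their newlines so line numbers stay right.
    text = COMMENT.sub(lambda m: " " + "\n" * m.group().count("\n"), source)
    findings = []
    for m in CALL.finditer(text):
        status = classify(m.group(1))
        if status != "qualified":
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1).upper(), status))
    return findings


if __name__ == "__main__":
    for line, ref, status in audit_cl(SAMPLE_CL):
        print(f"line {line}: CALL {ref} -> {status}")
```

A finding is a prompt for review rather than proof of a flaw: what matters is whether the calling program runs with more authority than the user who controls the library list.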

Disclaimer:

The information and code presented in this article are provided for educational and defensive cybersecurity purposes only. Any conceptual or pseudocode examples are simplified representations intended to raise awareness and promote secure development and system configuration practices.

Do not use this information to attempt unauthorized access or exploit vulnerabilities on systems that you do not own or have explicit permission to test.

Ameeba and its authors do not endorse or condone malicious behavior and are not responsible for misuse of the content. Always follow ethical hacking guidelines, responsible disclosure practices, and local laws.