VYPR
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Feb 26, 2026

IBM Sterling Connect:Direct for UNIX command execution

CVE-2025-36137

Description

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:*+ 1 more
    • cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:*range: 6.2.0.7
    • (no CPE)range: >=6.2.0.7, <=6.2.0.9 iFix004; >=6.4.0.0, <=6.4.0.2 iFix001; >=6.3.0.2, <=6.3.0.5 iFix002

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.