Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Feb 26, 2026

IBM Sterling Connect:Direct for UNIX command execution

CVE-2025-36137

Description

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.

Affected products

IBM/Sterling Connect:Direct for Unixv5
cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:*
Range: 6.2.0.7
IBM/Sterling Connect:Direct for UNIX Containerllm-fuzzy
Range: >=6.2.0.7, <=6.2.0.9 iFix004; >=6.4.0.0, <=6.4.0.2 iFix001; >=6.3.0.2, <=6.3.0.5 iFix002

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7249678mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000