CVE Alert: CVE-2025-36137 – IBM – Sterling Connect:Direct for Unix

CVE-2025-36137

HIGH · No exploitation known

IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts.

CVSS v3.1 (7.2)
AV NETWORK · AC LOW · PR HIGH · UI NONE · S UNCHANGED
Vendor: IBM
Product: Sterling Connect:Direct for Unix
Versions: 6.2.0.7 ≤ version ≤ 6.2.0.9 iFix004 | 6.4.0.0 ≤ version ≤ 6.4.0.2 iFix001 | 6.3.0.2 ≤ version ≤ 6.3.0.5 iFix002
CWE: CWE-250 Execution with Unnecessary Privileges
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Published: 2025-10-30T18:53:32.576Z
Updated: 2025-10-30T19:09:23.701Z
CPEs:
cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.7:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:6.2.0.9:ifix004:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.0:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:6.4.0.2.:ifix001:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:6.3.0.5.:ifix002:*:*:*:unix:*:*

AI Summary Analysis

Risk verdict

High risk of privilege escalation due to misassigned maintenance-task permissions in affected UNIX deployments; exploitation state and KEV/EPSS indicators are not provided.

Why this matters

Excess privileges assigned to post-update scripts could let an already privileged attacker extend their access or carry out higher-privilege actions within the environment. The impact includes potential persistence, broader access to transferred data, and disruption of maintenance windows, affecting critical data transfers.

Most likely attack path

A network-based attempt to exploit the maintenance-task permission flaw, where the attacker already holds high privileges (PR: High) and no user interaction is required. An initial foothold or credential compromise would be followed by escalation through CCD-related maintenance tasks that run post-update scripts with more privilege than they need, giving broader control without any further user action.

Who is most exposed

Enterprises running Sterling Connect:Direct for Unix across data-transfer pipelines, typically with CCD accounts and maintenance scripts tied to privileged roles; organisations with broad CCD permissions or lax change-control over maintenance tasks are at greater risk.

Detection ideas

  • Monitor for unusual or elevated permissions granted to CCD-maintenance tasks
  • Detect executions of post-update scripts under CCD accounts outside normal maintenance windows
  • Alert on new or elevated CCD user privileges or accounts
  • Correlate maintenance-task activity with unexpected privilege elevations
  • Audit and alert on iFix-related script changes or deployments outside approved change-control

Mitigation and prioritisation

  • Apply fixed releases: upgrade to 6.4.0.2.iFix004, 6.3.0.5.iFix008, or 6.2.0.9.iFix005 as directed
  • Enforce least privilege for CCD users; remove unnecessary post-update-task privileges
  • Segment maintenance tasks; separate duties and implement strict change-control
  • Validate patches in a test environment before production rollout; schedule during low-activity windows
  • If KEV is confirmed or EPSS ≥ 0.5, treat as priority 1; otherwise treat as high priority.
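As an added example (not code from the advisory or from IBM), a small Python checker that applies the affected ranges and fixed levels listed above to version strings from an inventory; the accepted version formats, the "unclear" status for builds above a listed range but below the listed fix, and the sample inputs are assumptions:

```python
import re

# Affected ranges and fixed levels exactly as listed in this advisory:
# (lower bound, upper bound, fixed level), one entry per release line.
AFFECTED_RANGES = [
    ("6.2.0.7", "6.2.0.9 iFix004", "6.2.0.9.iFix005"),
    ("6.3.0.2", "6.3.0.5 iFix002", "6.3.0.5.iFix008"),
    ("6.4.0.0", "6.4.0.2 iFix001", "6.4.0.2.iFix004"),
]

# Accepts "6.2.0.9", "6.2.0.9 iFix004" and "6.4.0.2.iFix004" (assumed formats).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*\.?\s*(?:ifix\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Parse a Connect:Direct version string into a comparable tuple.

    The four numeric fields are zero-padded; a release with no iFix compares
    as iFix 0, i.e. below iFix001 of the same release.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    fields = [int(p) for p in m.group(1).split(".")]
    if len(fields) > 4:
        raise ValueError(f"too many version fields: {text!r}")
    fields += [0] * (4 - len(fields))
    ifix = int(m.group(2)) if m.group(2) else 0
    return tuple(fields) + (ifix,)

def assess(installed):
    """Return (status, fixed_level) for an installed version string.

    status is "affected" (inside a listed range), "fixed" (at or above the
    listed fix for that base release), "unclear" (same base release, above
    the listed range but below the fix: confirm with the vendor) or "not_listed".
    """
    v = parse_version(installed)
    for low, high, fix in AFFECTED_RANGES:
        lo, hi, fx = parse_version(low), parse_version(high), parse_version(fix)
        if lo <= v <= hi:
            return "affected", fix
        if v[:4] == fx[:4]:
            return ("fixed" if v >= fx else "unclear"), fix
    return "not_listed", None

if __name__ == "__main__":
    # Constructed sample inputs, as they might come from an inventory export.
    for ver in ["6.2.0.9", "6.2.0.9 iFix005", "6.3.0.5 iFix003", "6.5.0.0"]:
        print(f"{ver:>18}: {assess(ver)}")
```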
