IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-3319
IBM Storage Protect Server Versions: 8.1.0.000 or later and 8.1.26.000 or earlier
CVE-2025-36004
IBM i version: 7.5
IBM i version: 7.4
IBM i version: 7.3
IBM i version: 7.2
CVE-2025-0966, CVE-2025-3221
InfoSphere Information Server version: 11.7.0.0 or later and 11.7.1.6 or earlier
InfoSphere Information Server on Cloud version: 11.7.0.0 or later and 11.7.1.6 or earlier
Resolved Vulnerabilities
Authorization bypass vulnerability in IBM Storage Protect Server (CVE-2025-3319)
Privilege escalation vulnerability due to an unqualified library call in IBM i (CVE-2025-36004)
SQL injection vulnerability in InfoSphere Information Server (CVE-2025-0966)
Denial-of-service vulnerability in InfoSphere Information Server (CVE-2025-3221)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched version listed below.
CVE-2025-3319
IBM Storage Protect Server version: 8.1.27
CVE-2025-36004
For IBM i, see Installing skip ship products [2]
CVE-2025-0966
InfoSphere Information Server versions: 11.7.1.fp5, 11.7.1.fp6
CVE-2025-3221
InfoSphere Information Server version: 11.7.1.fp6
References
[1] Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to built-in admin account (CVE-2025-3319)
https://www.ibm.com/support/pages/node/7236999
[2] Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Facsimile Support for i [CVE-2025-36004].
https://www.ibm.com/support/pages/node/7237732
[3] Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2025-0966)
https://www.ibm.com/support/pages/node/7236613
[4] Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service (CVE-2025-3221)
https://www.ibm.com/support/pages/node/7235496