IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-12531
IBM InfoSphere Information Server Versions: 11.7.0.0 through 11.7.1.6
CVE-2025-36367
IBM i Version: 7.6
IBM i Version: 7.5
IBM i Version: 7.4
IBM i Version: 7.3
IBM i Version: 7.2
Resolved Vulnerabilities
XML external entity injection (XXE) vulnerability in IBM InfoSphere Information Server (CVE-2025-12531)
Privilege escalation vulnerability in IBM i (CVE-2025-36367)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to apply the latest patches.
CVE-2025-12531
IBM InfoSphere Information Server: See the referenced site [3]
CVE-2025-36367
IBM i 7.6: SJ07552, SJ07650, SJ07651, SJ07652
IBM i 7.5: SJ07553, SJ07653, SJ07654, SJ07655
IBM i 7.4: SJ07554, SJ07656, SJ07657, SJ07658
IBM i 7.3: SJ07555, SJ07659, SJ07660, SJ07661
IBM i 7.2: SJ07556, SJ07662, SJ07663, SJ07664
References
[1] Security Bulletin: IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (CVE-2025-12531)
https://www.ibm.com/support/pages/node/7249881
[2] Security Bulletin: IBM i is affected by a privilege escalation in IBM i SQL services [CVE-2025-36367]
https://www.ibm.com/support/pages/node/7249915
[3] Fix Central
https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+I..