Cybersecurity Vulnerabilities

CVE-2025-36371: IBM i Database Plan Cache Information Disclosure – What You Need to Know

November 19, 2025 - By 

Overview

CVE-2025-36371 is a medium severity information disclosure vulnerability affecting IBM i versions 7.2, 7.3, 7.4, 7.5, and 7.6. This vulnerability resides in the database plan cache implementation and could allow a user with access to the plan cache to view information they are not authorized to see. This article provides a detailed overview of the vulnerability, its potential impact, and recommended mitigation steps.

Technical Details

The database plan cache in IBM i is used to store execution plans for SQL queries to improve performance. Due to insufficient access control mechanisms within the plan cache implementation, a user with the ability to access the cache (either legitimately or through exploitation of another vulnerability) could potentially retrieve sensitive data related to other users’ queries. This data might include table names, column names, and even parts of the data being queried, which could lead to unauthorized access to sensitive information.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) v3 score for CVE-2025-36371 is 6.5 (Medium).

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None

This score reflects the relative ease of exploitation (low attack complexity and privileges required) and the significant confidentiality impact (potential exposure of sensitive data).

Possible Impact

Successful exploitation of CVE-2025-36371 could lead to:

  • Unauthorized data access: Attackers could gain access to sensitive information stored in the database.
  • Data leakage: Compromised data could be leaked outside of the organization.
  • Compliance violations: Exposure of sensitive data could result in violations of data privacy regulations.

Mitigation and Patch Steps

IBM has released patches to address this vulnerability. It is highly recommended to apply the appropriate fix for your version of IBM i as soon as possible. To mitigate the risk, follow these steps:

  1. Apply the official IBM i patch: Download and install the PTF (Program Temporary Fix) provided by IBM. Refer to the reference link below for specific PTF information for your IBM i version.
  2. Review Access Controls: Ensure that database access controls are properly configured and that users only have the necessary privileges.
  3. Monitor System Logs: Regularly monitor system logs for any suspicious activity related to database access.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *