EUVD-2025-37202

🗓️ 30 Oct 2025 21:30:46Reported by EUVDType

IBM Sterling Connect Direct for Unix iFixes grant CCD users maintenance permissions, risking privilege escalation.

Reporter	Title	Published	Views	Family All 9
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to Execution with Unnecessary Privileges, CVE-2025-36137.	30 Oct 202516:03	–	ibm
Circl	CVE-2025-36137	30 Oct 202519:45	–	circl
CNNVD	IBM Sterling Connect Direct for Unix 安全漏洞	30 Oct 202500:00	–	cnnvd
CVE	CVE-2025-36137	30 Oct 202518:53	–	cve
Cvelist	CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution	30 Oct 202518:53	–	cvelist
NVD	CVE-2025-36137	30 Oct 202519:16	–	nvd
Positive Technologies	PT-2025-44452	30 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-36137	31 Oct 202519:16	–	redhatcve
Vulnrichment	CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution	30 Oct 202518:53	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "347aea70-ec61-37e8-af35-22c586e191b1",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2e0ac579-cb9a-32da-8222-9d9ac60752f3",
        "product": {
          "name": "Sterling Connect:Direct for UNIX"
        },
        "product_version": "6.2.0.7 ≤6.2.0.9 iFix004"
      },
      {
        "id": "5d9d77c2-80de-34a1-b492-a09d78463427",
        "product": {
          "name": "Sterling Connect:Direct for UNIX"
        },
        "product_version": "6.3.0.2 ≤6.3.0.5 iFix002"
      },
      {
        "id": "f0d972b3-f6b5-3cb5-afbf-182f2a36e910",
        "product": {
          "name": "Sterling Connect:Direct for UNIX"
        },
        "product_version": "6.4.0.0 ≤6.4.0.2 iFix001"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7249678
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-36137

30 Oct 2025 21:30Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.2

EPSS0.0004

SSVC