IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
Fixes

Solution

The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.6, 7.5, 7.4, 7.3 and 7.2 will be fixed. The IBM i PTF numbers for 5770-999 contain the fixes for the vulnerability.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00043}

epss

{'score': 0.00046}


Thu, 03 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

Wed, 07 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 May 2025 01:45:00 +0000

Type Values Removed Values Added
Description IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
Title IBM i improper certificate validation
First Time appeared Ibm
Ibm i
Weaknesses CWE-295
CPEs cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:i:7.6:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm i
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-01T00:35:12.463Z

Reserved: 2025-04-03T13:39:20.796Z

Link: CVE-2025-3218

cve-icon Vulnrichment

Updated: 2025-05-07T13:22:13.989Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-07T02:15:31.860

Modified: 2025-07-03T20:53:29.017

Link: CVE-2025-3218

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.