Login Sign Up

CVE-2025-3218

5.4 MEDIUM
Authentication Bypass

📋 TL;DR

IBM i Netserver has authentication and authorization validation flaws that could allow attackers to brute force credentials or bypass access controls. This affects IBM i operating systems versions 7.2 through 7.6. Attackers could gain unauthorized access to the server.

💻 Affected Systems

Products:
  • IBM i Netserver
Versions: 7.2, 7.3, 7.4, 7.5, 7.6
Operating Systems: IBM i
Default Config Vulnerable: ⚠️ Yes
Notes: All IBM i systems with Netserver enabled are vulnerable. Netserver is typically enabled by default for file sharing services.

📦 What is this software?

I by Ibm

View all CVEs affecting I →

I by Ibm

View all CVEs affecting I →

I by Ibm

View all CVEs affecting I →

I by Ibm

View all CVEs affecting I →

I by Ibm

View all CVEs affecting I →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative access, data theft, and lateral movement within the network.

🟠

Likely Case

Unauthorized access to sensitive files and services on the IBM i server, potentially leading to data exfiltration.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication policies, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to Netserver ports and involves authentication attacks. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM i PTF Group SF99738 Level 30 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7232750

Restart Required: Yes

Instructions:

1. Check current PTF level with DSPPTF
2. Apply PTF Group SF99738 Level 30 or later via GO PTF
3. Restart the IBM i system to activate fixes

🔧 Temporary Workarounds

Disable IBM i Netserver

ibmi

Temporarily disable the vulnerable service if not required

ENDTCPSVR SERVER(*NETSVR)

Restrict Network Access

all

Limit Netserver access to trusted networks only

Use IBM i firewall rules or network ACLs to restrict access to ports 445, 139, 138, 137

🧯 If You Can't Patch

  • Implement network segmentation to isolate IBM i systems
  • Enable detailed logging and monitoring for authentication attempts on Netserver

🔍 How to Verify

Check if Vulnerable:

Check IBM i version with WRKACTJOB and verify Netserver is active with NETSTAT *CNN

Check Version:

DSPPTF

Verify Fix Applied:

Verify PTF Group SF99738 Level 30 or later is installed with DSPPTF

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts in QHST log
  • Unusual file access patterns via Netserver

Network Indicators:

  • Brute force attempts on ports 445/139
  • Unexpected SMB traffic to IBM i systems

SIEM Query:

source="QHST" AND (event="authentication failure" OR event="access denied") AND dest_port IN (445, 139)

📊 Metadata

CVE ID: CVE-2025-3218
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-295
EPSS Score: 0.04% exploit probability (11.8th percentile)
Published: May 7, 2025
Last Updated: July 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-3218, you might also want to check these:

CVE-2025-68121 10.0

This vulnerability in Go's crypto/tls package allows TLS session resumption to succeed when it shoul...

Same vulnerability type (CWE-295)
CVE-2024-5261 9.8

LibreOfficeKit mode in LibreOffice versions before 24.2.4 disables TLS certificate verification when...

Same vulnerability type (CWE-295)
CVE-2023-51837 9.8

MeshCentral 1.1.16 fails to properly validate SSL certificates when establishing connections, allowi...

Same vulnerability type (CWE-295)