Critical Vulnerability Information Vulnerability Overview CVE ID: CVE-2025-36137 Description: IBM Sterling Connect:Direct for UNIX incorrectly assigns permissions to the Control Center Director (CCD) user during maintenance tasks, allowing privileged users to escalate privileges further, especially when running the post-update script. CWE: CWE-250 - Execution with Unnecessary Privileges CVSS Score: 7.2 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Affected Products and Versions Remediation Additional Information Workarounds and Mitigations: None Notification Subscription: Subscribe to My Notifications to receive alerts for future security advisories.