CVE-2025-36048

Published: Jun 18, 2025Modified: Aug 13, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

Affected (4)

Products: Ibm: Webmethods Integration

Ibm

1 product

Webmethods Integration

Configuration A

4 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Ibm Webmethods Integration	Version 10.11
Ibm Webmethods Integration	Version 10.15
Ibm Webmethods Integration	Version 10.5
Ibm Webmethods Integration	Version 10.7

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions
Novell Suse Linux	All versions
Redhat Linux	All versions

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (1)

https://www.ibm.com/support/pages/node/7237144

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.