CVE-2025-36049

Published: Jun 18, 2025Modified: Aug 13, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

Affected (4)

Products: Ibm: Webmethods Integration

Ibm

1 product

Webmethods Integration

Configuration A

4 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Ibm Webmethods Integration	Version 10.11
Ibm Webmethods Integration	Version 10.15
Ibm Webmethods Integration	Version 10.5
Ibm Webmethods Integration	Version 10.7

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions
Novell Suse Linux	All versions
Redhat Linux	All versions

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (1)

https://www.ibm.com/support/pages/node/7237146

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.