← Back

CVE-2025-36072

nvd nist
Published: Nov 20, 2025Modified: Dec 15, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: psirt@us.ibm.com (Secondary)

Description

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.

Affected (6)

Ibm
1 product
Webmethods Integration
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Webmethods Integration
Version 10.11
Webmethods Integration
Version 10.11 core_fix22
Webmethods Integration
Version 10.15
Webmethods Integration
Version 10.15 core_fix22
Webmethods Integration
Version 11.1
Webmethods Integration
Version 11.1 core_fix6

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.