CVE-2025-36202

Published: Sep 22, 2025Modified: Oct 3, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

Affected (2)

Products: Ibm: Webmethods Integration

Ibm

1 product

Webmethods Integration

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Webmethods Integration	Version 10.5
Ibm Webmethods Integration	Version 11.1

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (1)

https://www.ibm.com/support/pages/node/7245720

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.