CVE-2025-36048

Summary

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

Affected Software

VendorProductVersion RangeStatus
IBMwebMethods Integration Server10.5affected
IBMwebMethods Integration Server10.7affected
IBMwebMethods Integration Server10.11affected
IBMwebMethods Integration Server10.15affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References