CVE-2025-36049

Summary

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15

is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
IBMwebMethods Integration Server10.5affected
IBMwebMethods Integration Server10.7affected
IBMwebMethods Integration Server10.11affected
IBMwebMethods Integration Server10.15affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References