CVE-2025-36072

Summary

IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data.

Affected Software

VendorProductVersion RangeStatus
IBMwebMethods Integration10.11 <= 10.11_Core_Fix22affected
IBMwebMethods Integration10.15 <= 10.15_Core_Fix22affected
IBMwebMethods Integration11.1 <= 11.1_Core_Fix6affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References