CVE-2025-36116

Summary

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

Affected Software

VendorProductVersion RangeStatus
IBMDb2 Mirror for i7.4, 7.5, 7.6affected

Weaknesses

  • CWE-1385: CWE-1385 Missing Origin Validation in WebSockets

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References