CVE-2025-36202

Summary

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

Affected Software

VendorProductVersion RangeStatus
IBMwebMethods Integration10.15affected
IBMwebMethods Integration11.1affected

Weaknesses

  • CWE-134: CWE-134 Use of Externally-Controlled Format String

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References