Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-36048
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-18 Jun, 2025 | 16:04
Updated At-24 Aug, 2025 | 11:48
Rejected At-
▼CVE Numbering Authority (CNA)
IBM webMethods Integration Sever code execution

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

Affected Products
Vendor
IBM CorporationIBM
Product
webMethods Integration Server
CPEs
  • cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:*
  • cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 10.5
  • 10.7
  • 10.11
  • 10.15
Problem Types
TypeCWE IDDescription
CWECWE-250CWE-250 Execution with Unnecessary Privileges
Metrics
VersionBase scoreBase severityVector
3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document. IS_10.5_Core_Fix29 or later IS_10.7_Core_Fix23 or later IS_10.11_Core_Fix11 or later IS_10.15_Core_Fix14 or later Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software

Configurations
Workarounds
Exploits
Credits
finder
Rob Maslen
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7237144
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found