CVE-2025-36048

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36048
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7237144 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
History

13 Aug 2025, 14:12

Type Values Removed Values Added
First Time Linux
Microsoft windows
Redhat linux
Apple
Linux linux Kernel
Apple macos
Novell suse Linux
Ibm webmethods Integration
Redhat
Microsoft
Ibm
Novell
References () https://www.ibm.com/support/pages/node/7237144 - () https://www.ibm.com/support/pages/node/7237144 - Vendor Advisory
CPE cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

18 Jun 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-18 16:15

Updated : 2025-08-13 14:12

NVD link : CVE-2025-36048

Mitre link : CVE-2025-36048

JSON object : View

Products Affected

ibm

  • webmethods_integration

novell

  • suse_linux

apple

  • macos

redhat

  • linux

linux

  • linux_kernel

microsoft

  • windows
CWE
CWE-250

Execution with Unnecessary Privileges