IBM Db2 Mirror for i cross-site websocket hijacking_CVE-2025-36116

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

Basic Information

ID CVE-2025-36116

Source ibm

Published Jul 23, 2025 at 14:26

Modified Jul 23, 2025 at 15:13

Affected Product

Vendor IBM

Product Db2 Mirror for i

Version 7.4, 7.5, 7.6

Affected Versions IBM Db2 Mirror for i 7.4, 7.5, 7.6

CWE Classification

CWE-1385

References

www.ibm.com /support/pages/node/7240351

{
    "lastseen": "",
    "description": "IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability.  By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.",
    "published": "2025-07-23T14:26:06.865Z",
    "modified": "2025-07-23T15:13:52.554Z",
    "type": "cve",
    "title": "IBM Db2 Mirror for i cross-site websocket hijacking",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7240351",
    "id": "CVE-2025-36116",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1385"
    ],
    "cvelist": null,
    "sourceData": "IBM Db2 Mirror for i 7.4, 7.5, 7.6",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Db2 Mirror for i",
    "version": "7.4, 7.5, 7.6",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}