IBM webMethods Integration code execution_CVE-2025-36202

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

Basic Information

ID CVE-2025-36202

Source ibm

Published Sep 22, 2025 at 15:14

Affected Product

Vendor IBM

Product webMethods Integration

Version 10.15

Affected Versions IBM webMethods Integration 10.15
IBM webMethods Integration 11.1

CWE Classification

CWE-134

References

www.ibm.com /support/pages/node/7245720

{
    "lastseen": "",
    "description": "IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.",
    "published": "2025-09-22T15:14:44.349Z",
    "modified": "2025-09-22T15:14:44.349Z",
    "type": "cve",
    "title": "IBM webMethods Integration code execution",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7245720",
    "id": "CVE-2025-36202",
    "bulletinFamily": "",
    "cwe": [
        "CWE-134"
    ],
    "cvelist": null,
    "sourceData": "IBM webMethods Integration 10.15\nIBM webMethods Integration 11.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "webMethods Integration",
    "version": "10.15",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}