CVE-2025-36202
IBM webMethods Integration code execution
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5 | EPSS 0.3% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
22 Sep 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external source.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
IBM · webMethods Integration