CVE-2025-36048

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36048

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

BM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.

References
Link Resource
https://www.ibm.com/support/pages/node/7237144 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
History

13 Aug 2025, 14:12

Type Values Removed Values Added
First Time Apple macos
Microsoft windows
Ibm webmethods Integration
Novell suse Linux
Microsoft
Redhat linux
Redhat
Linux
Ibm
Apple
Linux linux Kernel
Novell
References () https://www.ibm.com/support/pages/node/7237144 - () https://www.ibm.com/support/pages/node/7237144 - Vendor Advisory
CPE cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*

23 Jun 2025, 20:16

Type Values Removed Values Added
Summary
  • (es) IBM webMethods Integration Server 10.5, 10.7, 10.11 y 10.15 podrían permitir que un usuario privilegiado aumente sus privilegios al manejar entidades externas debido a la ejecución con privilegios innecesarios.

18 Jun 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-18 16:15

Updated : 2025-08-13 14:12

NVD link : CVE-2025-36048

Mitre link : CVE-2025-36048

CVE.ORG link : CVE-2025-36048

JSON object : View

Products Affected

ibm

microsoft

redhat

apple

linux

novell

CWE
CWE-250

Execution with Unnecessary Privileges