IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
Fixes

Solution

IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective fix readme document.

IS_10.5_Core_Fix29 or later
IS_10.7_Core_Fix23 or later
IS_10.11_Core_Fix11 or later
IS_10.15_Core_Fix14 or later

Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software.


Workaround

No workaround given by the vendor.

History

Wed, 13 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Ibm
Ibm webmethods Integration
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Novell
Novell suse Linux
Redhat
Redhat linux
CPEs cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Ibm
Ibm webmethods Integration
Linux
Linux linux Kernel
Microsoft
Microsoft windows
Novell
Novell suse Linux
Redhat
Redhat linux

Wed, 18 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Description IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
Title IBM webMethods Integration Sever code execution
First Time appeared Softwareag
Softwareag webmethods
Weaknesses CWE-250
CPEs cpe:2.3:a:softwareag:webmethods:10.11:*:*:*:*:*:*:*
cpe:2.3:a:softwareag:webmethods:10.15:*:*:*:*:*:*:*
cpe:2.3:a:softwareag:webmethods:10.5:*:*:*:*:*:*:*
cpe:2.3:a:softwareag:webmethods:10.7:*:*:*:*:*:*:*
Vendors & Products Softwareag
Softwareag webmethods
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-24T11:48:18.694Z

Reserved: 2025-04-15T21:16:10.569Z

Link: CVE-2025-36048

Vulnrichment

Updated: 2025-06-18T17:49:51.221Z

NVD

Status: Analyzed

Published: 2025-06-18T16:15:27.080

Modified: 2025-08-13T14:12:38.570

Link: CVE-2025-36048

Redhat

No data.

OpenCVE Enrichment

No data.