Metrics
Affected Vendors & Products
Solution
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH67546. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature.

For IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.8 using the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature(s):

· Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH67546

--OR--

· Apply Liberty Fix Pack 25.0.0.9 or later (targeted availability 3Q2025).

Additional interim fixes may be available and linked off the interim fix download page.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7242027 |
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* |
Tue, 12 Aug 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Tue, 12 Aug 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration | |
Title | IBM WebSphere Application Server Liberty bypass security | |
First Time appeared | Ibm, Ibm websphere Application Server | |
Weaknesses | CWE-268 | |
CPEs | cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:* cpe:2.3:a:ibm:websphere_application_server:25.0.0.7:*:*:*:liberty:*:*:* | |
Vendors & Products | Ibm, Ibm websphere Application Server | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-12T20:37:21.958Z
Reserved: 2025-04-15T21:16:18.171Z
Link: CVE-2025-36124

Updated: 2025-08-12T19:00:12.355Z

Status : Analyzed
Published: 2025-08-12T19:15:29.457
Modified: 2025-08-14T01:23:45.570
Link: CVE-2025-36124

No data.

No data.