CVE-2025-36116 MEDIUM

CVE-2025-36116: IBM Db2 Mirror for i cross-site websocket hijacking

Vendor IBM
Product Db2 Mirror for i
Weakness CWE-1385
Published July 23, 2025
Last update August 18, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

The IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection and then remotely perform operations that the user is not allowed to perform.

Key dates

02 Disclosure timeline

July 23, 2025 CVE published
August 18, 2025 Record updated