CVE-2025-36156 HIGH

CVE-2025-36156: IBM InfoSphere Data Replication VSAM for z/OS Remote Source code execution

Vendor Ibm
Product InfoSphere Data Replication VSAM for z/OS Remote Source
Weakness CWE-119
Published October 7, 2025
Last update February 26, 2026

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system.

Key dates

02Disclosure timeline

October 7, 2025 CVE published
February 26, 2026 Record updated