CVE-2025-36202 HIGH

CVE-2025-36202: IBM webMethods Integration code execution

Vendor Ibm
Product webMethods Integration
Weakness CWE-134
Published September 22, 2025
Last update September 22, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

Key dates

02Disclosure timeline

September 22, 2025 CVE published
September 22, 2025 Record updated