PT-2025-26178 · IBM · webMethods Integration Server
Rob Maslen
Published: 2025-06-18 · Updated: 2025-08-13 · CVE-2025-36048
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM webMethods Integration Server versions 10.5 through 10.15
Description
The issue allows a privileged user to escalate their privileges because the handling of external entities executes with unnecessary privileges.
Recommendations
For versions 10.5 through 10.15, consider restricting the handling of external entities to necessary privileges only, until a proper fix is available.
As a temporary workaround, consider disabling the execution of external entities with elevated privileges to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
webMethods Integration Server