CVE-2025-36038

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 and 9.0

Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. This poses a serious risk to enterprise Java applications. Over 16,000 results have been found, indicating a significant potential impact. The flaw could allow unauthenticated remote code execution via a maliciously crafted serialization payload.

Recommendations: For IBM WebSphere Application Server versions 8.5 and 9.0, patch the system immediately to prevent arbitrary code execution. As a temporary workaround, consider restricting access to serialized objects until a patch is applied. Avoid using maliciously crafted serialization payloads in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.