PT-2025-38725 · IBM · webMethods Integration
Rob Maslen · Published 2025-09-22 · Updated 2025-09-22
CVE-2025-36202
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IBM webMethods Integration versions 10.15 and 11.1
Description
An authenticated user with execute Services permissions may be able to execute commands on the system. This is due to improper validation of format strings received from an external source.
Recommendations
Apply updates to address improper validation of format strings for IBM webMethods Integration version 10.15.
Apply updates to address improper validation of format strings for IBM webMethods Integration version 11.1.
Fix
Use of Externally-Controlled Format String
Weakness Enumeration
Related Identifiers
Affected Products
webMethods Integration