PT-2025-47639 · IBM · webMethods Integration
Published: 2025-11-20 · Updated: 2025-12-15 · CVE-2025-36072
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM webMethods Integration versions 10.11 through 10.11 Core Fix22
IBM webMethods Integration versions 10.15 through 10.15 Core Fix22
IBM webMethods Integration versions 11.1 through 11.1 Core Fix6
Description
IBM webMethods Integration allows an authenticated user to execute arbitrary code on the system. This is caused by the deserialization of untrusted object graph data.
Recommendations
IBM webMethods Integration versions 10.11 through 10.11 Core Fix22 should be updated.
IBM webMethods Integration versions 10.15 through 10.15 Core Fix22 should be updated.
IBM webMethods Integration versions 11.1 through 11.1 Core Fix6 should be updated.
Fix
RCE
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
webMethods Integration