CVE-2025-11548 | THREATINT

Description

A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution

PUBLISHED Reserved 2025-10-09 | Published 2025-10-14 | Updated 2025-10-14 | Assigner tibco

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

9.1 (Patch)

affected

9.2 (Patch)

affected

References

community.tibco.com/...025-ibi-webfocus-cve-2025-11548-r222/

cve.org (CVE-2025-11548)

nvd.nist.gov (CVE-2025-11548)

Download JSON