Home

Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-22 | Updated 2025-09-22 | Assigner ibm




HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-134 Use of Externally-Controlled Format String

Product status

Default status
unaffected

10.15
affected

11.1
affected

Credits

Rob Maslen finder

References

www.ibm.com/support/pages/node/7245720 vendor-advisory patch

cve.org (CVE-2025-36202)

nvd.nist.gov (CVE-2025-36202)

Download JSON