CVE-2025-36245 | THREATINT

Description

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-29 | Updated 2025-10-01 | Assigner ibm

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

11.7.0.0

affected

References

www.ibm.com/support/pages/node/7246170 vendor-advisory patch

cve.org (CVE-2025-36245)

nvd.nist.gov (CVE-2025-36245)

Download JSON