6.3

CVE-2025-36116

EPSS 0.04%
Published 23.07.2025 14:26:06
Last modified 07.08.2025 14:36:55
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability.  By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Db2 Mirror For I Version7.4

Ibm ≫ Db2 Mirror For I Version7.5

Ibm ≫ Db2 Mirror For I Version7.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.122

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@us.ibm.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-1385 Missing Origin Validation in WebSockets

The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.

https://www.ibm.com/support/pages/node/7240351

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36116

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36116

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36116

EUVD