CVE-2025-36202

EPSS 0.05%
Published 22.09.2025 15:14:44
Last modified 03.10.2025 19:13:00
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Webmethods Integration Version10.5

Ibm ≫ Webmethods Integration Version11.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.137

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://www.ibm.com/support/pages/node/7245720

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36202

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36202

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36202

EUVD