CVE-2025-36049
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-08-13

Assigner: IBM Corporation

Description
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-08-13
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-36049
EUVD
EUVD-2025-18661
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
ibm webmethods_integration 10.5
ibm webmethods_integration 10.7
ibm webmethods_integration 10.11
ibm webmethods_integration 10.15
apple macos *
microsoft windows *
novell suse_linux *
redhat linux *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an XML External Entity (XXE) injection issue in the IBM webMethods Integration Server. It occurs when the server processes XML data, specifically in the pub.xslt.transformSerialXML service. A remote authenticated attacker can exploit this flaw to execute arbitrary commands on the affected system, potentially compromising the system's security. [1]


How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to remote code execution, allowing an attacker with authentication privileges to run arbitrary commands on the affected server. This can result in a high impact on confidentiality, integrity, and availability of the system, potentially leading to data breaches, system compromise, or service disruption. [1]


What immediate steps should I take to mitigate this vulnerability?

Apply the respective core fixes or later versions provided by IBM for your IBM webMethods Integration Server version. Specifically, update to IS_10.5_Core_Fix27 or later, IS_10.7_Core_Fix21 or later, IS_10.11_Core_Fix15 or later, or IS_10.15_Core_Fix11 or later. These fixes are available via the IBM webMethods Update Manager. There are no workarounds or mitigations other than applying these fixes. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart