CVE-2025-36116
BaseFortify

Publication date: 2025-07-23

Last updated on: 2025-08-07

Assigner: IBM Corporation

Description
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
Meta Information
Published: 2025-07-23
Last Modified: 2025-08-07
Generated: 2026-05-07
AI Q&A: 2025-07-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ibm db2_mirror_for_i 7.4
ibm db2_mirror_for_i 7.5
ibm db2_mirror_for_i 7.6
CWE
CWE-1385: The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a cross-site WebSocket hijacking issue in IBM Db2 Mirror for i GUI versions 7.4, 7.5, and 7.6. An unauthenticated attacker can send a specially crafted request to intercept an existing WebSocket connection, allowing them to remotely perform unauthorized operations.


How can this vulnerability impact me?

The vulnerability can allow an attacker to remotely perform operations that the user is not authorized to do by hijacking their WebSocket connection. This could lead to unauthorized access, data manipulation, or other malicious actions within the affected system.

