CVE-2025-36037
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-10-03
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | webmethods_integration | 10.15 |
| ibm | webmethods_integration | 11.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36037 is a server-side request forgery (SSRF) vulnerability in IBM webMethods Integration Server versions 10.15 and 11.1. It allows an authenticated attacker to send unauthorized requests from the affected system, which could enable network enumeration or facilitate further attacks. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated attacker to send unauthorized requests from your system. This could lead to network enumeration, exposing internal network details, or enable other attacks that leverage the SSRF to compromise your environment. The impact on confidentiality and integrity is low, and there is no impact on availability according to the CVSS score. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the core fixes IS_10.15_Core_Fix22 or later for version 10.15, and IS_11.1_Core_Fix6 or later for version 11.1 of IBM webMethods Integration Server. These fixes can be downloaded and installed via the IBM webMethods Update Manager. No other workarounds or mitigations are provided, so applying these updates is the recommended immediate step. [1]