CVE-2025-36099
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-03
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | websphere_application_server | 8.5.0.0 |
| ibm | websphere_application_server | 9.0.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM WebSphere Application Server 8.5 and 9.0 is a denial of service (DoS) issue caused when a privileged user sends a specially-crafted request. This request causes the server to consume excessive memory resources, potentially leading to service disruption. It is classified under CWE-770, which involves allocation of resources without limits or throttling. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by causing the IBM WebSphere Application Server to consume excessive memory resources, which may lead to denial of service or service disruption. This affects the availability of the server, potentially interrupting business operations that rely on the server. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the interim fix or fix pack containing APAR PH67817. For IBM WebSphere Application Server 9.0, upgrade to the minimal fix pack level required by the interim fix and then apply the interim fix or directly apply Fix Pack 9.0.5.26 or later. For version 8.5, similarly upgrade to the minimal fix pack level and apply the interim fix or apply Fix Pack 8.5.5.29 or later. No workarounds or other mitigations are provided, so applying the recommended fixes is the immediate step. [1]