CVE-2025-36059
Unknown
Unknown - Not Provided
Local OS Command Execution in IBM Business Automation Workflow Containers
Publication date: 2026-01-20
Last updated on: 2026-02-17
Assigner: IBM Corporation
Description
Description
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | business_automation_workflow | 24.0.1 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.1 |
| ibm | business_automation_workflow | 24.0.1 |
| ibm | business_automation_workflow | 24.0.1 |
| ibm | business_automation_workflow | 24.0.1 |
| ibm | business_automation_workflow | 25.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 25.0.0 |
| ibm | business_automation_workflow | 25.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
