CVE-2025-36059
Unknown Unknown - Not Provided
Local OS Command Execution in IBM Business Automation Workflow Containers

Publication date: 2026-01-20

Last updated on: 2026-02-17

Assigner: IBM Corporation

Description
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-02-17
Generated
2026-05-27
AI Q&A
2026-01-20
EPSS Evaluated
2026-05-25
NVD
CVE-2025-36059
EUVD
EUVD-2026-3358
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 25.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 25.0.0
ibm business_automation_workflow 25.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. It allows a local user who has access to the container to execute operating system system calls, which could lead to unauthorized actions within the container environment.


How can this vulnerability impact me? :

The vulnerability could allow a local user with access to the container to execute OS system calls, potentially leading to unauthorized modification or control of the container environment. This could impact the integrity of the system and lead to security risks such as privilege escalation or unauthorized actions within the container.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart