CVE-2025-36059
Unknown Unknown - Not Provided

Local OS Command Execution in IBM Business Automation Workflow Containers

Vulnerability report for CVE-2025-36059, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-20

Last updated on: 2026-02-17

Assigner: IBM Corporation

Description

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-20
Last Modified
2026-02-17
Generated
2026-07-06
AI Q&A
2026-01-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 15 associated CPEs
Vendor Product Version / Range
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 24.0.1
ibm business_automation_workflow 25.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 24.0.0
ibm business_automation_workflow 25.0.0
ibm business_automation_workflow 25.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. It allows a local user who has access to the container to execute operating system system calls, which could lead to unauthorized actions within the container environment.

Impact Analysis

The vulnerability could allow a local user with access to the container to execute OS system calls, potentially leading to unauthorized modification or control of the container environment. This could impact the integrity of the system and lead to security risks such as privilege escalation or unauthorized actions within the container.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36059. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart