CVE-2025-14150
Information Disclosure in IBM webMethods Integration Server
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: IBM Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | webmethods_integration_server | From 10.15 (inc) to 11.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14150 affects IBM webMethods Integration Server (on-premises) versions 10.15 through IS_10.15_Core_Fix24 and 11.1 through IS_11.1_Core_Fix8. The server discloses sensitive user information in its responses. The issue is classified under CWE-497, exposure of sensitive system information to an unauthorized control sphere.
The vulnerability has a CVSS v3.1 base score of 6.5 (Medium severity). It can be exploited remotely over the network with low attack complexity and requires low privileges. No user interaction is needed, and the scope remains unchanged. The impact on confidentiality is high; integrity and availability are not affected.
How can this vulnerability impact me?
This vulnerability can lead to the disclosure of sensitive user information through server responses. An attacker with low privileges could exploit this remotely without user interaction, potentially gaining access to confidential data.
While the vulnerability does not affect the integrity or availability of the system, the exposure of sensitive information could lead to privacy breaches, unauthorized data access, and potential misuse of the disclosed information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-14150 vulnerability in IBM webMethods Integration Server, you should apply the recommended core fixes.
- For version 10.15, apply core fix IS_10.15_Core_Fix25 or later.
- For version 11.1, apply core fix IS_11.1_Core_Fix9 or later.
These fixes can be downloaded and installed via the IBM webMethods Update Manager. No other workarounds or mitigations are provided.
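To check a fleet against the fix levels above, the following added example (not code from IBM or from this page) classifies each server from an inventory export. The inventory format and hostnames are hypothetical, and it assumes the highest installed Core_Fix number for a release line is that server's effective fix level.

```python
import re

# First fixed Core_Fix level per release line, taken from the mitigation text above.
FIRST_FIXED = {"10.15": 25, "11.1": 9}

# Fix identifiers follow the pattern quoted on the page, e.g. IS_10.15_Core_Fix24.
FIX_RE = re.compile(r"^IS_(\d+\.\d+)_Core_Fix(\d+)$")


def highest_core_fix(version, fix_names):
    """Return the highest Core_Fix number installed for `version`, or 0 if none."""
    level = 0
    for name in fix_names:
        m = FIX_RE.match(name.strip())
        # Ignore fixes that belong to a different release line than the server's.
        if m and m.group(1) == version:
            level = max(level, int(m.group(2)))
    return level


def classify(version, fix_names):
    """Classify one server as 'affected', 'fixed' or 'unknown'."""
    if version not in FIRST_FIXED:
        # The page only gives fix levels for 10.15 and 11.1; do not guess others.
        return "unknown"
    installed = highest_core_fix(version, fix_names)
    return "fixed" if installed >= FIRST_FIXED[version] else "affected"


def triage(inventory_text):
    """Parse 'host,version,fix;fix;...' lines (assumed format) into {host: status}."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version, fixes = (line.split(",", 2) + ["", ""])[:3]
        results[host.strip()] = classify(version.strip(), fixes.split(";"))
    return results


# Constructed sample inventory; hostnames and the CSV layout are hypothetical.
SAMPLE = """\
is-prod-01,10.15,IS_10.15_Core_Fix22;IS_10.15_Core_Fix24
is-prod-02,10.15,IS_10.15_Core_Fix25
is-test-01,11.1,
is-test-02,11.1,IS_11.1_Core_Fix9
is-old-01,10.11,IS_10.11_Core_Fix30
is-odd-01,11.1,IS_10.15_Core_Fix25
"""
```

Servers reported as `unknown` run a release line this page gives no fix level for and need a manual check against the vendor bulletin.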