CVE-2025-14150
Unknown Unknown - Not Provided
Information Disclosure in IBM webMethods Integration Server

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: IBM Corporation

Description
IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14150
EUVD
EUVD-2025-206871
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm webmethods_integration_server From 10.15 (inc) to 11.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2025-14150 vulnerability affects IBM webMethods Integration Server (on-premises) versions 10.15 through IS_10.15_Core_Fix24 and 11.1 through IS_11.1_Core_Fix8. It allows the server to disclose sensitive user information in server responses. This issue is classified under CWE-497, which means exposure of sensitive system information to an unauthorized control sphere.

The vulnerability has a CVSS v3.1 base score of 6.5, indicating a moderate severity. It can be exploited remotely over the network with low attack complexity and requires low privileges. No user interaction is needed, and the scope remains unchanged. The impact is high on confidentiality but does not affect integrity or availability.

Impact Analysis

This vulnerability can lead to the disclosure of sensitive user information through server responses. An attacker with low privileges could exploit this remotely without user interaction, potentially gaining access to confidential data.

While the vulnerability does not affect the integrity or availability of the system, the exposure of sensitive information could lead to privacy breaches, unauthorized data access, and potential misuse of the disclosed information.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2025-14150 vulnerability in IBM webMethods Integration Server, you should apply the recommended core fixes.

  • For version 10.15, apply core fix IS_10.15_Core_Fix25 or later.
  • For version 11.1, apply core fix IS_11.1_Core_Fix9 or later.

These fixes can be downloaded and installed via the IBM webMethods Update Manager. No other workarounds or mitigations are provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart