CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.0%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.ibm.com/support/pages/node/7237146

Products affected by CVE-2025-36049

Ibm » Webmethods Integration » Version: 10.11

cpe:2.3:a:ibm:webmethods_integration:10.11
Ibm » Webmethods Integration » Version: 10.15

cpe:2.3:a:ibm:webmethods_integration:10.15
Ibm » Webmethods Integration » Version: 10.5

cpe:2.3:a:ibm:webmethods_integration:10.5
Ibm » Webmethods Integration » Version: 10.7

cpe:2.3:a:ibm:webmethods_integration:10.7
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-
Novell » Suse Linux » Version: N/A

cpe:2.3:o:novell:suse_linux:-
Redhat » Linux » Version: N/A

cpe:2.3:o:redhat:linux:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-36049

Products

Pricing

Contact Us