CVE-2025-33142Improper Certificate Validation in IBM Websphere Application Server

CWE-295Improper Certificate Validation3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.0%
top 91.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 14

Description

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_application_server8.5.0.08.5.5.29+1
CVEListV5ibm/websphere_application_server8.5, 9.0+1

🔴Vulnerability Details

2
CVEList
IBM WebSphere Application Server information disclosure2025-08-14
GHSA
GHSA-2cw5-9mw6-623g: IBM WebSphere Application Server 82025-08-14
CVE-2025-33142 — Improper Certificate Validation in IBM | cvebase