CVE-2025-36038
published 2025-06-25CVE-2025-36038: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | >= 8.5 < 8.5.5.28 | 8.5.5.28 |
| ibm | websphere_application_server | >= 9.0 < 9.0.5.25 | 9.0.5.25 |