CVE-2025-36097
published 2025-07-16CVE-2025-36097: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | >= 17.0.0.3 < 25.0.0.8 | 25.0.0.8 |
| ibm | websphere_application_server | >= 9.0.0.0 < 9.0.5.24 | 9.0.5.24 |
| ibm | websphere_application_server_liberty | 17.0.0.3 – 25.0.0.7 | — |