CVE-2025-36097

CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 77.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Application Server Liberty

Timeline

PublishedJul 16

Description

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that cause the server to consume excessive memory resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/websphere_application_server_liberty17.0.0.3 — 25.0.0.7

▶NVDibm/websphere_application_server9.0.0.0 — 9.0.5.24+1

▶CVEListV5ibm/websphere_application_server9.0

🔴Vulnerability Details

GHSA

GHSA-84r7-8mcv-2hg5: IBM WebSphere Application Server 9↗2025-07-16

▶

CVEList

IBM WebSphere Application Server denial of service↗2025-07-16

▶