CVE-2025-36245

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.0%

top 91.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server

Timeline

PublishedSep 29

Latest updateSep 30

Description

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/infosphere_information_server11.7.0.0 — 11.7.1.6

▶NVDibm/infosphere_information_server11.7 — 11.7.1.6

🔴Vulnerability Details

GHSA

GHSA-x4fr-537r-qpv9: IBM InfoSphere 11↗2025-09-30

▶

CVEList

IBM InfoSphere Information Server command execution↗2025-09-29

▶