CVE-2025-36361

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGH

EPSS

0.0%

top 88.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise

Timeline

PublishedOct 24

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5ibm/app_connect_enterprise13.0.1.0 — 13.0.4.2+1

▶NVDibm/app_connect_enterprise12.0.1.0 — 12.0.12.17+1

🔴Vulnerability Details

GHSA

GHSA-jxm3-88rp-cq73: IBM App Connect Enterprise 13↗2025-10-24

▶

CVEList

IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA↗2025-10-24

▶