AI description
CVE-2025-36038 is a critical remote code execution (RCE) vulnerability found in IBM WebSphere Application Server versions 8.5 and 9.0. It stems from a deserialization issue where the application doesn't properly validate the type of objects being deserialized. This allows unauthenticated attackers to execute arbitrary code on systems running the affected versions. The vulnerability can be exploited by using a specially crafted sequence of serialized objects. Successful exploitation could lead to complete system compromise, potentially allowing attackers to install malware, steal sensitive data, disrupt business operations, and use the compromised system to attack other systems on the network.
- Description: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
- Source: psirt@us.ibm.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Apparently it's RCE: 'Deserialization of untrusted data vulnerability "CVE-2025-36038"': [Security News] RCE vulnerability in "IBM WebSphere Application Server" - interim patch released (page 1 of 1): Security NEXT http
@tamosan
30 Jun 2025
79 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-36038 (CVSS 9.0) this flaw could allow unauthenticated remote code execution (RCE) via a maliciously crafted serialization payload, posing a serious risk to enterprise Java applications. 🎯 16k+ results are found on the https://t.co/pb16tGYaKe nearly y
@fofabot
27 Jun 2025
2148 Impressions
5 Retweets
44 Likes
13 Bookmarks
1 Reply
0 Quotes
CVE-2025-36038 Remote Code Execution in IBM WebSphere Application Server 8.5 and 9.0 https://t.co/NBj5NQgBtl
@VulmonFeeds
26 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-36038: CRITICAL] IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. #cve, CVE-2025-36038, #cybersecurity https://t.co/4lAtzhhfoZ https://t.co/XPralFBrcR
@CveFindCom
25 Jun 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36038 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized obj… https://t.co/iUmX1bREyG
@CVEnew
25 Jun 2025
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes