CVE-2025-36038

Published Jun 25, 2025

Last updated 9 months ago

CVSS critical 9.0
IBM WebSphere

Overview

Description
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
Source
psirt@us.ibm.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9
Impact score
6
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@us.ibm.com
CWE-502

Social media

Hype score
Not currently trending
  1. ⚠️Vulnerability in IBM WebSphere ❗CVE-2025-36038 ➡️More info: https://t.co/exXFgHxNc4 https://t.co/dwUMilIolK

    @CERTpy

    30 Jun 2025

    248 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Apparently it's an RCE: 'Vulnerability "CVE-2025-36038" that deserializes untrusted data': [Security News] RCE vulnerability in "IBM WebSphere Application Server" - interim patch released (page 1 of 1): Security NEXT http

    @tamosan

    30 Jun 2025

    99 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. ⚠️⚠️ CVE-2025-36038 (CVSS 9.0) this flaw could allow unauthenticated remote code execution (RCE) via a maliciously crafted serialization payload, posing a serious risk to enterprise Java applications. 🎯16k+ Results are found on the https://t.co/pb16tGYaKe nearly y

    @fofabot

    27 Jun 2025

    2148 Impressions

    5 Retweets

    44 Likes

    13 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-36038 Remote Code Execution in IBM WebSphere Application Server 8.5 and 9.0 https://t.co/NBj5NQgBtl

    @VulmonFeeds

    26 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-36038: CRITICAL] IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.#cve,CVE-2025-36038,#cybersecurity https://t.co/4lAtzhhfoZ https://t.co/XPralFBrcR

    @CveFindCom

    25 Jun 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-36038 IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized obj… https://t.co/iUmX1bREyG

    @CVEnew

    25 Jun 2025

    140 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.