Sign In

CVE-2025-36038

📊 9.0 CRITICAL0.3%🎯 0 exploits
📅 Published Jun 25, 2025
📋 Status: Analyzed

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.

🎯 Affected Products & Systems

9 product configurations affected

Filter by type:
📱
Vulnerable
Version: ≥ 8.5 ∧ < 8.5.5.28
CPE:
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
📱
Vulnerable
Version: ≥ 9.0 ∧ < 9.0.5.25
CPE:
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
💻
hp / hp-ux
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
💻
ibm / aix
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
💻
ibm / i
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
💻
ibm / z\/os
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
💻
linux / linux kernel
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
💻
microsoft / windows
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
💻
oracle / solaris
Operating System
Safe
Version: All versions
CPE:
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*
9 productsscroll for more
Metrics
9.0 CRITICALCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
HIGH
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
CHANGED

🔍 Technical Details

Analysis Status
Analyzed
CVSS Details
9.0 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
0.3% (Minimal)48.5th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Jun 25, 2025 (4 months ago)
Last Modified
Jul 18, 2025 (3 months ago)
Security Weaknesses1
References2