CVE-2025-36361

📊 6.3 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 24, 2025

📋 Status: Analyzed

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	ibm	app connect enterprise	≥ 12.0.1.0 ∧ ≤ 12.0.12.17	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise::::::::
📱App	ibm	app connect enterprise	≥ 13.0.1.0 ∧ ≤ 13.0.4.2	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise::::::::

📱

ibm / app connect enterprise

Application

Vulnerable

Version: ≥ 12.0.1.0 ∧ ≤ 12.0.12.17

CPE:

cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

📱

ibm / app connect enterprise

Application

Vulnerable

Version: ≥ 13.0.1.0 ∧ ≤ 13.0.4.2

CPE:

cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

Metrics

6.3 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

LOW

Availability:

LOW

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.3 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)13.2th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 24, 2025 (8 days ago)

Last Modified

Oct 28, 2025 (4 days ago)

Security Weaknesses1

CWE-862

References2

NVDgeneral