CVE-2025-36116

MEDIUM

IBM Db2 Mirror for i 7.4-7.6 - Unauthenticated Cross-Site WebSocket Hijacking

Title source: llm

Description

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://www.ibm.com/support/pages/node/7240351

Scores

CVSS v3 6.3

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1385

Status published

Products (3)

ibm/db2_mirror_for_i 7.4

ibm/db2_mirror_for_i 7.5

ibm/db2_mirror_for_i 7.6

Published Jul 23, 2025

Tracked Since Feb 18, 2026