CVE-2025-36202

HIGH

IBM webMethods Integration - Format String Vulnerability

Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external source.

Scores

CVSS v3 7.5
EPSS 0.0003
EPSS Percentile 9.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-134
Status published
Products (2)
ibm/webmethods_integration 10.5
ibm/webmethods_integration 11.1
Published Sep 22, 2025
Tracked Since Feb 18, 2026