CVE-2025-36361

MEDIUM

IBM App Connect Enterprise 12.0.1.0-12.0.12.17 and 13.0.1.0-13.0.4.2 - Authenticated Missing Authorization

Title source: llm
STIX 2.1

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7249061

Scores

CVSS v3 6.3
EPSS 0.0004
EPSS Percentile 13.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
ibm/app_connect_enterprise 12.0.1.0 - 12.0.12.17
Published Oct 24, 2025
Tracked Since Feb 18, 2026