CVE-2025-36038

🗓️ 25 Jun 2025 20:38:02Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 73 Views

IBM WebSphere Application Server vulnerability allows remote code execution via serialized objects.

Reporter	Title	Published	Views	Family All 33
IBM Security Bulletins	Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-36038)	26 Jun 202515:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by arbitrary code execution (CVE-2025-36038)	10 Jul 202500:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038)	25 Jun 202515:42	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2025-36038)	14 Jul 202511:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by arbitrary code execution	27 Jun 202505:27	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of WebSphere Application Server traditional , the IBM Tivoli System Automation Application Manager is vulnerable to an arbitrary code execution vulnerability (CVE-2025-36038)	30 Jun 202506:58	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)	31 Jul 202514:13	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.	23 Jul 202517:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Master Data Management is vulnerable to arbitrary code execution from vulnerability in WebSphere Application Server (CVE-2025-36038)	22 Sep 202514:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Application Server, which is bundled with WebSphere Remote Server, is affected by an arbitrary code execution vulnerability (CVE-2025-36038)	14 Jul 202516:40	–	ibm

NVD

Vulners

Node

ibm websphere_application_serverRange8.5–8.5.5.28

ibm websphere_application_serverRange9.0–9.0.5.25

AND

hp hp-uxMatch-

ibm aixMatch-

ibm iMatch-

ibm z/osMatch-

linux linux_kernelMatch-

microsoft windowsMatch-

oracle solarisMatch-

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7237967

26 Aug 2025 14:51Current

8High risk

Vulners AI Score8

CVSS 3.19 - 9.8

EPSS0.01

SSVC

CWE-502