CVE-2025-36054

🗓️ 06 Nov 2025 14:11:49Reported by ibmType

Cross-site scripting flaw in IBM Business Automation Workflow allows unauthenticated JavaScript in Web UI.

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - CVE-2025-36054	6 Nov 202510:20	–	ibm
CNNVD	IBM Business Automation Workflow containers和IBM Business Automation Workflow traditional with Process Federation Server 跨站脚本漏洞	6 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-36054 Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -	6 Nov 202514:11	–	cvelist
EUVD	EUVD-2025-37985	6 Nov 202515:31	–	euvd
NVD	CVE-2025-36054	6 Nov 202515:15	–	nvd
Positive Technologies	PT-2025-45182	6 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-36054	7 Nov 202514:51	–	redhatcve
Vulnrichment	CVE-2025-36054 Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -	6 Nov 202514:11	–	vulnrichment

NVD

Vulners

Node

ibm business_automation_workflowMatch-traditional

ibm business_automation_workflowMatch24.0.0-containers

ibm business_automation_workflowMatch24.0.0if001containers

ibm business_automation_workflowMatch24.0.0if002containers

ibm business_automation_workflowMatch24.0.0if003containers

ibm business_automation_workflowMatch24.0.0if004containers

ibm business_automation_workflowMatch24.0.0if005containers

ibm business_automation_workflowMatch24.0.0if006containers

ibm business_automation_workflowMatch24.0.1-containers

ibm business_automation_workflowMatch24.0.1if001containers

ibm business_automation_workflowMatch24.0.1if002containers

ibm business_automation_workflowMatch24.0.1if004containers

ibm business_automation_workflowMatch25.0.0-containers

ibm business_automation_workflowMatch25.0.0if001containers

ibm process_federation_serverMatch24.0.0

ibm process_federation_serverMatch24.0.1

ibm process_federation_serverMatch25.0.0

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if006:*:*:containers:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if004:*:*:containers:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if001:*:*:containers:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Business Automation Workflow containers",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "24.0.0-IF006",
        "status": "affected",
        "version": "24.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "24.0.1-IF004",
        "status": "affected",
        "version": "24.0.1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "25.0.0-IF001",
        "status": "affected",
        "version": "25.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
      "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Business Automation Workflow traditional with Process Federation Server",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "24.0.1",
        "status": "affected",
        "version": "24.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "25.0.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7250261

12 Dec 2025 15:21Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

EPSS0.00072

SSVC

CWE-79