CVE-2025-36202 · HIGH 8.8 · EPSS p23.1%

Description

IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format strings passed as an argument from an external source.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.1% · 2026-06-18T12:00:27Z
Published: 2025-09-22
Last modified: 2025-10-03

Underlying weaknesses · 1

CWE-134

References

  1. https://www.ibm.com/support/pages/node/7245720

Type | Target | Confidence | Tier
Weakness | Use of Externally-Controlled Format String (cwe-134) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-36072
  2. CVE-2025-36049
  3. CVE-2025-36245
  4. CVE-2025-13688
  5. CVE-2025-14290
  6. CVE-2025-13686

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.