CVE-2025-36361HIGH 8.8EPSS p8.0%

CVE-2025-36361CVE-2025-36361

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.18% probability of exploitation · percentile 8.0% · 2026-06-19T12:03:05Z
Published2025-10-24
Last modified2025-10-28

Underlying weaknesses· 1

CWE-862

References

  1. https://www.ibm.com/support/pages/node/7249061

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13915
CVE
CVE-2026-5515
CVE
CVE-2025-36386
CVE
CVE-2025-36245
CVE
CVE-2025-3319
CVE
CVE-2026-4101
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.