1. Home
  2. CVE Database
  3. CVE-2025-36049
HIGH · 8.8

CVE-2025-36049

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit ...

Vulnerability Description

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IbmWebmethods Integration10.5
AppleMacos-
LinuxLinux Kernel-
MicrosoftWindows-
NovellSuse Linux-
RedhatLinux-

Related Weaknesses (CWE)

CWE-611

References

FAQ

What is CVE-2025-36049?

CVE-2025-36049 is a vulnerability with a CVSS score of 8.8 (HIGH). IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit ...

How severe is CVE-2025-36049?

CVE-2025-36049 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-36049?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Webmethods Integration, Apple Macos, Linux Linux Kernel, Microsoft Windows, Novell Suse Linux.