Remote Code Execution Vulnerability in IBM WebSphere Application Server
CVE-2025-36038

9 CRITICAL

Key Information:

Vendor: IBM

CVE Published: 25 June 2025

What is CVE-2025-36038?

IBM WebSphere Application Server versions 8.5 and 9.0 contain a vulnerability that allows remote attackers to execute arbitrary code. An attacker triggers it by sending a specially crafted sequence of serialized objects to the server, which could lead to unauthorized access and potential exploitation of the server.

Affected Version(s)

WebSphere Application Server 8.5, 9.0

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
