Denial of Service Vulnerability in IBM WebSphere Application Server Liberty
CVE-2025-36047

7.5HIGH

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-36047?

IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8 are susceptible to a denial of service vulnerability. By sending a specifically crafted request, a remote attacker can exploit this flaw, potentially leading to excessive memory consumption on the server. This situation could impair system performance and availability, making it crucial for users to apply appropriate mitigation strategies and updates as provided by IBM.

Affected Version(s)

WebSphere Application Server Liberty 18.0.0.2 <= 25.0.0.8

References

https://www.ibm.com/support/pages/node/7242086

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Apr 15, 2025