Cross-Site Scripting Vulnerability in IBM Business Automation Workflow
CVE-2025-36054

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow Containers; Business Automation Workflow Traditional With Process Federation Server
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-36054?

IBM Business Automation Workflow is susceptible to cross-site scripting (XSS) attacks, which enable unauthenticated attackers to inject malicious JavaScript into the Web UI. This can lead to unauthorized modifications of site functionality, ultimately risking the disclosure of sensitive information such as user credentials during trusted sessions. It is crucial for users to apply the latest security updates as outlined in the vendor's advisory to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Business Automation Workflow containers 24.0.0 <= 24.0.0-IF006

Business Automation Workflow containers 24.0.1 <= 24.0.1-IF004

Business Automation Workflow containers 25.0.0 <= 25.0.0-IF001

References

https://www.ibm.com/support/pages/node/7250261

vendor-advisorypatch

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Apr 15, 2025

JSON

IBM