Local OS System Call Execution Vulnerability in IBM Business Automation Workflow Containers
CVE-2025-36059

4.7MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow Containers
Vendor: CVE Published:; 20 January 2026

What is CVE-2025-36059?

The vulnerability in IBM Business Automation Workflow containers allows a local user with access to the container to execute operating system system calls. This exposure can lead to unauthorized access or misuse of system resources, potentially compromising the integrity of the containerized environment. Proper patching and security measures should be applied to mitigate risks associated with this vulnerability.

Affected Version(s)

Business Automation Workflow containers 25.0.0 <= 25.0.0 Interim Fix 002

Business Automation Workflow containers 24.0.1 <= 24.0.1 Interim Fix 005

Business Automation Workflow containers 24.0.0 <= 24.0.0 Interim Fix 006

References

https://www.ibm.com/support/pages/node/7256777

vendor-advisorypatch

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Apr 15, 2025

JSON