Session Management Flaw in IBM DevOps Automation and Loop Products
CVE-2025-36359

8.1HIGH

Key Information:

Vendor: IBM
Status: Devops Automation; Devops Loop
Vendor: CVE Published:; 30 June 2026

What is CVE-2025-36359?

A vulnerability exists in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2, where session IDs are not invalidated post-expiration. This flaw poses a risk where an authenticated user could potentially impersonate another user, leading to unauthorized access and actions within the system. Organizations using these products should prioritize reviewing their session management practices and implement necessary updates to mitigate this security risk.

Affected Version(s)

DevOps Automation 1.0.1

DevOps Loop 1.0.2

References

https://www.ibm.com/support/pages/node/7277970

vendor-advisorypatch

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 15, 2025

Credit

Sunil Dandamudi (HCL Software)

CVE-2025-36359 Data

JSON