Authorization Vulnerability in IBM App Connect Enterprise
CVE-2025-36361

6.3MEDIUM

Key Information:

Vendor: IBM
Status: App Connect Enterprise
Vendor: CVE Published:; 24 October 2025

What is CVE-2025-36361?

An oversight in IBM App Connect Enterprise versions 12.0 and 13.0 allows authenticated users to execute unauthorized actions on customer-defined resources due to insufficient authorization checks. This vulnerability poses a risk to data integrity and can potentially lead to unauthorized modifications within the application.

Affected Version(s)

App Connect Enterprise 13.0.1.0 <= 13.0.4.2

App Connect Enterprise 12.0.1.0 <= 12.0.12.17

References

https://www.ibm.com/support/pages/node/7249061

vendor-advisorypatch

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2025
Vulnerability Reserved
Apr 15, 2025

JSON