Privilege Escalation Vulnerability in IBM ApplinX by IBM
CVE-2025-36418

7.3HIGH

Key Information:

Vendor: IBM
Status: Applinx
Vendor: CVE Published:; 20 January 2026

What is CVE-2025-36418?

IBM ApplinX 11.1 contains a vulnerability involving privilege escalation caused by improper verification of JSON Web Tokens (JWT). An attacker could exploit this flaw to craft or modify a JWT, allowing them to impersonate a legitimate user or gain elevated privileges within the application. This security oversight underscores the importance of rigorous token validation to prevent unauthorized access and maintain the integrity of user roles.

Affected Version(s)

ApplinX 11.1

References

https://www.ibm.com/support/pages/node/7257446

vendor-advisorypatch

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2026
Vulnerability Reserved
Apr 15, 2025

JSON