CVE-2025-36202
HIGHDescription
IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format string strings passed as an argument from an external source.
Is your site exposed to CVE-2025-36202?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | webmethods_integration |
| ibm | webmethods_integration |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36202? +
How severe is CVE-2025-36202? +
What products are affected by CVE-2025-36202? +
How do I check if I'm vulnerable to CVE-2025-36202? +
Related Vulnerabilities
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan …
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly …
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application …
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing …
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending …
A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort …