CVE-2025-36360
MEDIUMDescription
IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.
Is your site exposed to CVE-2025-36360?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | devops_deploy |
| ibm | devops_deploy |
| ibm | urbancode_deploy |
| ibm | urbancode_deploy |
| ibm | urbancode_deploy |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36360? +
How severe is CVE-2025-36360? +
What products are affected by CVE-2025-36360? +
How do I check if I'm vulnerable to CVE-2025-36360? +
Related Vulnerabilities
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session …
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior …
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are …