IBM WebSphere Application Server Vulnerability Allows Remote Code Execution
gbhackers
A critical security vulnerability, tracked as CVE-2025-36038, has been discovered in IBM WebSphere Application Server, exposing organizations to the risk of remote code execution by unauthenticated attackers.
This flaw, which affects widely deployed versions 8.5 and 9.0, is rated with a CVSS base score of 9.0, underlining its severity and the urgency for remediation.
Vulnerability Details
The vulnerability arises from deserialization of untrusted data (CWE-502), allowing remote attackers to execute arbitrary code on affected systems.
| CVE ID | Description | CVSS Score | Affected Versions |
|---|---|---|---|
| CVE-2025-36038 | Remote code execution via deserialization of untrusted data | 9.0 | 8.5, 9.0 |
By sending a specially crafted sequence of serialized objects, an attacker can gain unauthorized control of the underlying server without requiring authentication.
If successfully exploited, this could lead to significant data breaches, service disruptions, or further compromise of enterprise environments.
“IBM WebSphere Application Server ...
Copyright of this story solely belongs to gbhackers.