Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server

Published On: July 2, 2025

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server

Indian Computer Emergency Response Team (https://www.cert-in.org.in)

 

Severity Rating: HIGH

 

Software Affected

 

IBM WebSphere Application Server 9.0

IBM WebSphere Application Server 8.5

Overview

 

A vulnerability has been reported in IBM WebSphere Application Server that could be exploited by an attacker to execute arbitrary code on the targeted system.

 

Target Audience:

All end-user organisations using IBM WebSphere Application Server.

 

Risk Assessment:

Critical risk to the confidentiality, integrity, and availability of affected systems.

 

Impact Assessment:

Potential for sensitive information disclosure, privilege escalation, denial of service, and system compromise.

 

Description

 

IBM WebSphere Application Server (WAS) is a software platform that provides a runtime environment for enterprise-level Java applications. It is part of IBM's middleware offerings, primarily used for building, deploying, and managing Java-based applications, including Java EE (Enterprise Edition) applications.

 

An arbitrary code-execution vulnerability exists in IBM WebSphere Application Server that can be triggered by sending a specially crafted sequence of serialised objects. Successful exploitation could allow an attacker to execute arbitrary code on the targeted system, leading to unauthorised access and potential server compromise.
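The vulnerability class above is untrusted Java deserialization. The following is an added illustration, not IBM's fix and not code from the advisory: it shows how application code that must read serialized objects can restrict the stream to an allowlist of expected classes with the standard JDK `ObjectInputFilter` (JEP 290, Java 9+), so that unexpected classes in a crafted object sequence are rejected before their deserialization logic runs. Class names in the allowlist and the sample payloads are constructed for the demonstration.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class AllowlistDeserializer {

    // Constructed allowlist: only the types this application actually expects.
    // java.lang.Number is included because Integer's serializable superclass
    // descriptor is also resolved (and filtered) when an Integer is read.
    private static final Set<String> ALLOWED = Set.of(
            "java.util.ArrayList", "java.lang.Integer", "java.lang.Number");

    static ObjectInputFilter allowlistFilter() {
        return info -> {
            Class<?> c = info.serialClass();
            if (c == null) {
                // Called for non-class events: enforce nesting/reference limits
                // so deeply nested or reference-heavy payloads are dropped too.
                if (info.depth() > 10 || info.references() > 100) {
                    return ObjectInputFilter.Status.REJECTED;
                }
                return ObjectInputFilter.Status.UNDECIDED;
            }
            while (c.isArray()) {
                c = c.getComponentType(); // arrays are judged by their element type
            }
            if (c.isPrimitive() || ALLOWED.contains(c.getName())) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            return ObjectInputFilter.Status.REJECTED; // anything else, including gadget types
        };
    }

    // Reads one object from the bytes, with the allowlist filter installed first.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowlistFilter());
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign payload: an ArrayList of Integers passes the filter.
        System.out.println("accepted: " + readFiltered(serialize(new ArrayList<>(List.of(1, 2, 3)))));
        // Constructed unexpected payload: HashMap is not allowlisted, so
        // readObject() fails with InvalidClassException ("filter status: REJECTED").
        try {
            readFiltered(serialize(new java.util.HashMap<>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same allowlist can be applied process-wide with the `jdk.serialFilter` system property instead of per stream; either way, this limits exposure in application code and does not replace the vendor update for the server itself.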

 

Solution

 

Apply appropriate updates as mentioned by the vendor:

https://www.ibm.com/support/pages/node/7237967

Vendor Information

 

IBM

https://www.ibm.com/support/pages/node/7237967

 

References

 

IBM

https://www.ibm.com/support/pages/node/7237967

 

CVE Name

CVE-2025-36038

-- 

Thanks and Regards,

CERT-In

 

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax: 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

 

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

-----BEGIN PGP SIGNATURE-----


-----END PGP SIGNATURE-----
