CVE-2025-36047

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36047
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7242086 Vendor Advisory
https://www.kb.cert.org/vuls/id/767506
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () https://www.kb.cert.org/vuls/id/767506 -

18 Aug 2025, 17:25

Type Values Removed Values Added
CPE cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
References () https://www.ibm.com/support/pages/node/7242086 - () https://www.ibm.com/support/pages/node/7242086 - Vendor Advisory
Summary
  • (es) IBM WebSphere Application Server Liberty 18.0.0.2 a 25.0.0.8 es vulnerable a una denegación de servicio, causada por el envío de una solicitud especialmente manipulada. Un atacante remoto podría aprovechar esta vulnerabilidad para que el servidor consuma recursos de memoria.
First Time Apple
Linux
Ibm aix
Microsoft
Ibm
Ibm websphere Application Server
Ibm i
Microsoft windows
Apple macos
Linux linux Kernel
Ibm z\/os

14 Aug 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-14 16:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-36047

Mitre link : CVE-2025-36047

CVE.ORG link : CVE-2025-36047

JSON object : View

Products Affected

microsoft

  • windows

ibm

  • z\/os
  • aix
  • i
  • websphere_application_server

linux

  • linux_kernel

apple

  • macos
CWE
CWE-770

Allocation of Resources Without Limits or Throttling