DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-36097

Severity: High
CVSS Score: 7.5
Published: Jul 16, 2025
Last Modified: Aug 11, 2025

Vulnerability Description

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: N
Scope: U
Confidentiality: N
Integrity: N
Availability: H

Known Affected Software

70 configuration(s) from 1 vendor(s)

websphere_application_server | Version: 21.0.0.10 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.10:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.0 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:traditional:*:*:*
websphere_application_server | Version: 9.0.5.15 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.15:*:*:*:-:*:*:*
websphere_application_server | Version: 21.0.0.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.2:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.11 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.11:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.2:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.7 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.7:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
websphere_application_server | Version: 9.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
websphere_application_server | Version: 20.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 24.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:24.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.5:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
websphere_application_server | Version: 21.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.5:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.1:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
websphere_application_server | Version: 17.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:17.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.0 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.0:*:*:*:*:*:*:*
websphere_application_server | Version: 9.0.5.8 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.8:*:*:*:*:*:*:*
websphere_application_server | Version: 19.0.0.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.6:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.11 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.11:*:*:*:*:*:*:*
websphere_application_server | Version: 20.0.0.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.6:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.2:*:*:*:liberty:*:*:*
websphere_application_server | Version: 21.0.0.12 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.12:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
websphere_application_server | Version: 17.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.7 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.7:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.5:*:*:*:hypervisor:*:*:*
websphere_application_server | Version: 24.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:24.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.4:*:*:*:*:*:*:*
websphere_application_server | Version: 22.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:22.0.0.5:*:*:*:liberty:*:*:*
websphere_application_server | Version: 24.0.0.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:24.0.0.6:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.1:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.7 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
websphere_application_server | Version: 21.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.1:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.12 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.12:*:*:*:liberty:*:*:*
websphere_application_server | Version: 23.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:23.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.7 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.7:*:*:*:*:*:*:*
websphere_application_server | Version: 22.0.0.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:22.0.0.6:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.9 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.9:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.6 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.6:*:*:*:*:*:*:*
websphere_application_server | Version: 9.0.0.8 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.8:*:*:*:*:*:*:*
websphere_application_server | Version: 21.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.5:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.9 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.9:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
websphere_application_server | Version: 9.0.0.10 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.10:*:*:*:*:*:*:*
websphere_application_server | Version: 18.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:18.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 19.0.0.8 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.8:*:*:*:liberty:*:*:*
websphere_application_server | Version: 18.0.0.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:18.0.0.2:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.1:*:*:*:-:*:*:*
websphere_application_server | Version: 19.0.0.10 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.10:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.8 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.8:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.12 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.12:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.10 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.10:*:*:*:liberty:*:*:*
websphere_application_server | Version: 24.0.0.5 | CPE: cpe:2.3:a:ibm:websphere_application_server:24.0.0.5:*:*:*:liberty:*:*:*
websphere_application_server | Version: 18.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:18.0.0.1:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.16 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.16:*:*:*:-:*:*:*
websphere_application_server | Version: 9.0.5.19 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.19:*:*:*:traditional:*:*:*
websphere_application_server | Version: 22.0.0.1 | CPE: cpe:2.3:a:ibm:websphere_application_server:22.0.0.1:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
websphere_application_server | Version: 19.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:19.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.3:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.5.2 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.2:*:*:*:*:*:*:*
websphere_application_server | Version: 9.0.5.3 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.5.3:*:*:*:*:*:*:*
websphere_application_server | Version: 18.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:18.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 9.0.0.9 | CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.9:*:*:*:*:*:*:*
websphere_application_server | Version: 21.0.0.4 | CPE: cpe:2.3:a:ibm:websphere_application_server:21.0.0.4:*:*:*:liberty:*:*:*
websphere_application_server | Version: 20.0.0.11 | CPE: cpe:2.3:a:ibm:websphere_application_server:20.0.0.11:*:*:*:liberty:*:*:*

This vulnerability affects 70 software configuration(s). Ensure you patch all affected systems.

Severity Details

7.5 out of 10.0 (High)

Weakness Type (CWE)

CWE-121: Stack-based Buffer Overflow

Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant

Key Information

Published Date: July 16, 2025