CVE-2025-36099
Severity: Medium
CVSS Score: 4.9
Vulnerability Description
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: H
- User Interaction: N
- Scope: U
- Confidentiality: N
- Integrity: N
- Availability: H
Known Affected Software
2 configuration(s) from 1 vendor(s)
- websphere_application_server, Version: 9.0.0.0, CPE: cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:traditional:*:*:*
- websphere_application_server, Version: 8.5.0.0, CPE: cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:-:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
Severity Details
4.9 out of 10.0 (Medium)
Weakness Type (CWE)
CWE-770: Allocation of Resources Without Limits or Throttling
- Description: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- Exploit Likelihood: High
- Typical Severity: Medium
- Abstraction Level: Base
Key Information
- Published Date: September 29, 2025
