Two Critical Vulnerabilities in Multiple IBM Products (CVE-2025-24813, CVE-2025-36038)

Published On: Sep 29, 2025 15:03

Advisory No: TZCERT-SA-25-0115

Source: IBM

Software Affected: IBM watsonx, IBM Master Data Management

Overview

Multiple IBM products are affected by two critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

IBM watsonx and IBM Master Data Management, which use Apache Tomcat and IBM WebSphere Application Server, are affected by the vulnerabilities tracked as CVE-2025-24813 and CVE-2025-36038, with CVSS scores of 9.8 and 9.0, respectively. The plugins are vulnerable to a deserialization attack. The vulnerabilities allow attackers to send a specially crafted request to execute arbitrary code on the affected system.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
