IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-36038

 

IBM WebSphere Application Server Versions: 9.0.0.0 and later and 9.0.5.24 and earlier
IBM WebSphere Application Server Versions: 8.5.0.0 or later and 8.5.5.27 or earlier

 

CVE-2025-1991
IBM Informix Dynamic Server Version: 14.10
IBM Informix Dynamic Server Version: 12.10 and later
IBM Informix Dynamic Server Version: 15.0

 

 

Resolved Vulnerabilities

 

Remote code execution vulnerability in IBM WebSphere Application Server (CVE-2025-36038)
Denial of Service Attack Vulnerability in IBM Informix Dynamic Server (CVE-2025-1991)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-36038

 

IBM WebSphere Application Server version: 9.0.5.25 or later or apply the temporary patch available from the referenced sites[2]
IBM WebSphere Application Server version: 8.5.5.28 or later or apply the temporary patch available from the reference site[2]

 

CVE-2025-1991

IBM Informix Dynamic Server Version: 14.10.xC11W2
IBM Informix Dynamic Server Version: 12.10.xC16W2

 

 

References

 

[1] Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038)
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-39
[2] PH66674:IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038 CVSS 9.0)
https://www.ibm.com/support/pages/node/7237824
[3] Security Bulletin: Fixes available for CVE-2025-1991 H1-2581021: ‘An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack’
https://www.ibm.com/support/pages/node/7238455