IBM Support

IT48846: IBM STORAGE INSIGHTS SECURITY APAR FOR CVE-2025-36097, CVE-2025-48976

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • CVEID:   CVE-2025-36097
    DESCRIPTION:   IBM WebSphere Application Server and WebSphere
    Application Server Liberty are vulnerable to a denial of
    service, caused by a stack-based overflow.  An attacker can send
    a specially crafted request that cause the server to consume
    excessive memory resources.
    
    CVEID:   CVE-2025-48976
    DESCRIPTION:   Allocation of resources for multipart headers
    with insufficient limits enabled a DoS vulnerability in Apache
    Commons FileUpload. This issue affects Apache Commons
    FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.
    Users are recommended to upgrade to versions 1.6 or 2.0.0-M4,
    which fix the issue.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Storage Insights users                                   *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * SECURITY APAR FOR:                                           *
    * CVE-2025-36097, CVE-2025-48976                               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The fix for this APAR is targeted for the following release:
    
    IBM Storage Insights 4Q25   [ 54X-IBM-SI ]
    ( release target 4Q 2025 / December )
    
    The target dates for future releases do not represent a formal
    commitment by IBM. The dates are subject to change without
    notice.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT48846

  • Reported component name

    STORAGE INSIGHT

  • Reported component ID

    5608TPCSI

  • Reported release

    54X

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2025-12-09

  • Closed date

    2025-12-15

  • Last modified date

    2025-12-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STORAGE INSIGHT

  • Fixed component ID

    5608TPCSI

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"54X","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]

Document Information

Modified date:
13 January 2026