PH68418:WebSphere Application Server and WebSphere Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962 CVSS 7.5)

Download

Downloadable File

File link	File size	File description

Abstract

WebSphere Application Server and WebSphere Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962 CVSS 7.5)

Download Description

View the Security Bulletin

PH68418 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2025-7962.

PROBLEM SUMMARY:
Confidential for Security Integrity interim fix CVE-2025-7962.

PROBLEM CONCLUSION:
Confidential for CVE-2025-7962.

The fix for this APAR is targeted for inclusion in 8.5.5.29, 9.0.5.27.

For more information, see Recommended Updates for WebSphere Application Server:
https://www.ibm.com/support/pages/node/715553

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL	SIZE(Bytes)
V85 readme file	1978
V90 readme file	1939

Download Package

IMPORTANT NOTE:	WebSphere Application Server and Liberty fix access requires S&S Entitlement beginning in 2021. Use properly registered IDs to download the fixes in this table. Signature file is provided along with interim fix. See Verifying WebSphere Application Server release packages and Verifying Liberty release packages.

IBM Installation Manager packages

DOWNLOAD	RELEASE DATE	SIZE(Bytes)	URL
9.0.5.24-WS-WAS-IFPH68418	28 October 2025	277233	FC
9.0.5.26-WS-WAS-IFPH68418	24 November 2025	275798	FC
8.5.5.27-WS-WAS-IFPH68418	28 October 2025	277309	FC

Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.

Problems Solved

PH68418

Change History

02 December 2025: Additional interim fix for 9.0.5.26

10 November 2025: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.27;8.5.5.28;9.0.5.24;9.0.5.25","Edition":"Base","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Problems (APARS) fixed
PH68418

Was this topic helpful?

Document Information

Modified date:
02 December 2025

UID

ibm17249724

Tips