IBM Support

PH66674: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038 CVSS 9.0)

Abstract

IBM WebSphere Application Server could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. (CVE-2025-36038 CVSS 9.0)

Download Description

PH66674 resolves the following problem:

ERROR DESCRIPTION:
Confidential for Security Integrity interim fix CVE-2025-36038.

LOCAL FIX:

PROBLEM SUMMARY:
Confidential for Security Integrity interim fix CVE-2025-36038.

PROBLEM CONCLUSION:
Confidential for CVE-2025-36038.

The fix for this APAR is targeted for inclusion in 8.5.5.28 and 9.0.5.25.

For more information, see Recommended Updates for WebSphere Application Server:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Download Package

 
DOWNLOAD                    RELEASE DATE   APPLIES TO          SIZE (Bytes)   URL
9.0.5.15-WS-WAS-IFPH66674   24 June 2025   9.0.5.15-9.0.5.24   385555         FC
8.5.5.23-WS-WAS-IFPH66674   24 June 2025   8.5.5.23-8.5.5.27   365864         FC

Note: FC stands for Fix Central. Review the What is Fix Central (FC)? FAQs for more details.

Problems Solved

PH66674

Technical Support

Contact IBM Support at https://www.ibm.com/mysupport/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Document Information

Modified date:
26 June 2025

UID

ibm17237824