- What is the severity of CVE-2025-36038?
- CVE-2025-36038 has been scored as a critical severity vulnerability.
- How to fix CVE-2025-36038?
- To fix CVE-2025-36038: For IBM WebSphere Application Server traditional: For V9.0.0.0 through 9.0.5.24: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH66674 --OR-- · Apply Fix Pack 9.0.5.25 or later (targeted availability 3Q2025). For V8.5.0.0 through 8.5.5.27: · Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH66674 --OR-- · Apply Fix Pack 8.5.5.28 or later (targeted availability 3Q2025). Additional interim fixes may be available and linked off the interim fix download page.
- Is CVE-2025-36038 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2025-36038 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2025-36038?
- CVE-2025-36038 affects IBM WebSphere Application Server.