- What is the severity of CVE-2025-36157?
- CVE-2025-36157 has been scored as a critical severity vulnerability.
- How to fix CVE-2025-36157?
- To fix CVE-2025-36157: IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: IBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. Affected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install 7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install 7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install 7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or later Apart from installing these iFixes, kindly perform the following additional step as mentioned below: 1. Set the Advanced property named "setup.isRegistrationHandlerServiceOpen" to "False" under Jazz Team Server (JTS) > Server Administration > Advanced property page and save your changes.
- Is CVE-2025-36157 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2025-36157 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2025-36157?
- CVE-2025-36157 affects IBM Engineering Lifecycle Management.