CVE-2025-36116
Last modified
CVE-2025-36116 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 Mirror For I | 7.4 |
| Ibm | Db2 Mirror For I | 7.5 |
| Ibm | Db2 Mirror For I | 7.6 |
References
- https://www.ibm.com/support/pages/node/7240351Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-36116?
How severe is CVE-2025-36116?
How do I fix CVE-2025-36116?
Are you affected by CVE-2025-36116?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST