CVE-2025-36047

5.3 MEDIUM

📋 TL;DR

IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8 are vulnerable to a denial of service attack where a remote attacker can send specially crafted requests to cause excessive memory consumption. This affects all deployments using vulnerable versions of the Liberty server, potentially leading to service disruption.

💻 Affected Systems

Products:
  • IBM WebSphere Application Server Liberty
Versions: 18.0.0.2 through 25.0.0.8
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using affected versions are vulnerable; no special configuration required for exploitation.

📦 What is this software?

IBM WebSphere Application Server Liberty is IBM's lightweight Java EE / Jakarta EE and MicroProfile application server runtime, built on the open-source Open Liberty project. It is typically installed as a standalone `wlp/` directory or shipped inside container images, and exposes HTTP endpoints that the affected request-handling code serves.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage due to memory exhaustion, requiring server restart and causing extended downtime.

🟠

Likely Case

Degraded performance or temporary service interruption until memory is freed or server is restarted.

🟢

If Mitigated

Minimal impact with proper monitoring and rapid response to memory spikes.

🌐 Internet-Facing: HIGH - Remote attackers can exploit without authentication if server is internet-accessible.
🏢 Internal Only: MEDIUM - Requires attacker to have network access to the server, but exploitation is still possible from internal networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific requests but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.0.0.9 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7242086

Restart Required: Yes

Instructions:

1. Obtain IBM WebSphere Application Server Liberty 25.0.0.9 or later from IBM Fix Central (or the corresponding container image / Maven artifact if you deploy that way).
2. Stop the Liberty server.
3. Apply the update.
4. Restart the Liberty server and confirm the new level with `wlp/bin/productInfo version`.

🔧 Temporary Workarounds

Rate Limiting (all platforms)

Rate-limit requests in front of Liberty to slow down repeated exploitation attempts and to cap how many concurrent requests a single client can hold open.

Configure this on a reverse proxy (e.g. nginx `limit_req` / `limit_conn`) or in application firewall rules. Because the advisory does not describe the crafted request, rate limiting reduces an attacker's throughput but cannot be relied on to block a single triggering request.
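The following nginx fragment is an added example of the rate-limiting workaround, not configuration from IBM or the advisory. It assumes nginx terminates TLS in front of Liberty on `127.0.0.1:9080`, and the hostname and numeric limits are placeholders to tune for your traffic:

```nginx
# Added example: per-client request-rate and connection caps in front of Liberty.
# Zone names, hostname, upstream address and the limits themselves are assumptions.
limit_req_zone  $binary_remote_addr zone=liberty_req:10m rate=20r/s;
limit_conn_zone $binary_remote_addr zone=liberty_conn:10m;

server {
    listen 443 ssl;
    server_name liberty.example.com;   # placeholder

    client_max_body_size 1m;           # cap request bodies relayed to Liberty

    location / {
        limit_req   zone=liberty_req burst=40 nodelay;  # excess requests get 429
        limit_conn  liberty_conn 20;                    # max concurrent conns per IP
        limit_req_status 429;

        proxy_pass http://127.0.0.1:9080;               # assumed Liberty HTTP endpoint
    }
}
```

`limit_req` keys on the client address, so clients behind a shared NAT share one bucket; raise the rate or key on an authenticated identity if that causes false positives.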

Network Segmentation (all platforms)

Restrict access to Liberty servers to trusted networks only.

Configure firewall rules so that only the necessary source IP ranges (load balancers, reverse proxies, management hosts) can reach the Liberty HTTP/HTTPS ports.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy monitoring for abnormal memory consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check the Liberty product version with the productInfo script shipped in the install directory (it is a shell script on Linux/macOS and `productInfo.bat` on Windows, not a jar): `wlp/bin/productInfo version`. The version is also recorded in `wlp/lib/versions/WebSphereApplicationServer.properties`; server.xml does not contain it.

Check Version:

wlp/bin/productInfo version

Verify Fix Applied:

Run the same command and confirm the reported version is 25.0.0.9 or later. Also confirm the running server was restarted on the new binaries: the header of `usr/servers/<server>/logs/messages.log` written at startup includes a `product = ` line with the version. Absence of memory spikes is not evidence that the fix is applied.
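The following script is an added example (not IBM's tooling) that classifies `productInfo version` output against the affected range. It compares the four version fields numerically, so a future `25.0.0.10` is correctly treated as later than `25.0.0.9`, which a plain string comparison would get wrong. The exact output layout of `productInfo` is assumed; only the `x.y.z.w` token is relied on.

```python
import re
import subprocess
from pathlib import Path

# Affected range and fix level stated in the advisory for CVE-2025-36047.
AFFECTED_MIN = (18, 0, 0, 2)
AFFECTED_MAX = (25, 0, 0, 8)
FIXED = (25, 0, 0, 9)

# Liberty versions are four dotted integers, e.g. 25.0.0.9.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_liberty_version(text):
    """Return the first x.y.z.w version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """Tuple comparison is numeric per field, so (25,0,0,10) > (25,0,0,9)."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(text):
    """Classify productInfo output as 'vulnerable', 'not-affected' or 'unknown'."""
    v = parse_liberty_version(text)
    if v is None:
        return "unknown"
    return "vulnerable" if is_affected(v) else "not-affected"


def assess_install(wlp_dir):
    """Run wlp/bin/productInfo version on a real install and classify the result."""
    script = Path(wlp_dir) / "bin" / "productInfo"  # productInfo.bat on Windows
    out = subprocess.run([str(script), "version"],
                         capture_output=True, text=True, check=True).stdout
    return assess(out)


# Constructed sample output (not a real capture) in the shape productInfo prints;
# the surrounding labels are assumed, the version token is what matters.
SAMPLE_OUTPUT = (
    "Product name: WebSphere Application Server\n"
    "Product version: 25.0.0.8\n"
    "Product edition: BASE\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT))  # vulnerable
```

Run `assess_install("/opt/ibm/wlp")` (or wherever `wlp/` lives) on each host; the verdict is only about the installed binaries, so a server still running on the old binaries after an in-place update will look patched until it is restarted.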

📡 Detection & Monitoring

Log Indicators:

  • `java.lang.OutOfMemoryError` entries in `usr/servers/<server>/logs/messages.log` or console.log, and JVM dump events (`JVMDUMP*` messages, new javacore/heapdump files in the server directory) on the IBM J9 JVM
  • Bursts of requests from a single source in the HTTP access log (requires `httpAccessLogging` to be enabled in server.xml)

Network Indicators:

  • Spike in incoming requests to Liberty HTTP endpoints from few sources
  • Requests that are unusually large or slow to complete, paired with rising heap usage on the server

SIEM Query:

source="*/logs/messages.log" ("OutOfMemoryError" OR "JVMDUMP" OR "heapdump")

(Illustrative Splunk-style search; adapt the source path and field names to your log pipeline.)
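The following is an added example (not part of the advisory) of the same two checks run offline over log text: it flags memory-exhaustion lines in Liberty's messages.log/console.log and counts requests per client IP in an NCSA-style access log. The log lines below are constructed, not real captures; the `JVMDUMP` identifiers are the ones the IBM J9 JVM prints on an OutOfMemoryError, and the access-log layout is assumed to be NCSA common format.

```python
import re
from collections import Counter

# Indicators of memory exhaustion in messages.log / console.log. Starting set only;
# extend it with the exact message IDs seen in your own environment (assumption).
MEMORY_PATTERNS = [
    re.compile(r"java\.lang\.OutOfMemoryError"),
    re.compile(r"JVMDUMP0\d\dI"),          # J9 dump events: javacore, heapdump, snap
    re.compile(r"GC overhead limit exceeded"),
]

# NCSA common log line: ip ident user [time] "request" status bytes (format assumed).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)'
)


def find_memory_events(lines):
    """Return (line_no, line) for each log line that looks like memory exhaustion."""
    hits = []
    for no, line in enumerate(lines, 1):
        if any(p.search(line) for p in MEMORY_PATTERNS):
            hits.append((no, line.strip()))
    return hits


def top_talkers(access_lines, threshold):
    """Count requests per client IP; return (ip, count) at or above threshold, busiest first."""
    counts = Counter()
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


# Constructed sample of messages.log / console.log content (not a real capture).
SAMPLE_MESSAGES_LOG = """\
[10/01/25, 12:00:01:001 UTC] 0000002a com.ibm.ws.kernel.launch.internal.FrameworkManager A CWWKF0011I: The defaultServer server is ready to run a smarter planet.
[10/01/25, 12:05:33:120 UTC] 00000045 com.ibm.ws.webcontainer.osgi.WebContainer E SRVE0777E: Exception thrown by application class ... java.lang.OutOfMemoryError: Java heap space
JVMDUMP039I Processing dump event "systhrow", detail "java/lang/OutOfMemoryError" at 2025/10/01 12:05:33 - please wait.
JVMDUMP032I JVM requested Heap dump using '/opt/wlp/usr/servers/defaultServer/heapdump.20251001.120533.1234.0001.phd' in response to an event
"""

# Constructed sample access log (not a real capture).
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [01/Oct/2025:12:05:30 +0000] "POST /api/upload HTTP/1.1" 200 15
203.0.113.7 - - [01/Oct/2025:12:05:30 +0000] "POST /api/upload HTTP/1.1" 200 15
203.0.113.7 - - [01/Oct/2025:12:05:31 +0000] "POST /api/upload HTTP/1.1" 200 15
203.0.113.7 - - [01/Oct/2025:12:05:31 +0000] "POST /api/upload HTTP/1.1" 503 0
198.51.100.4 - - [01/Oct/2025:12:05:31 +0000] "GET /health HTTP/1.1" 200 2
"""


def report(messages_text, access_text, threshold=3):
    """Combine both checks into one summary dict for a SIEM or ticket."""
    return {
        "memory_events": find_memory_events(messages_text.splitlines()),
        "top_talkers": top_talkers(access_text.splitlines(), threshold),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_MESSAGES_LOG, SAMPLE_ACCESS_LOG).items():
        print(key, value)
```

Correlate the two outputs by time: a memory event preceded by a burst from one source is the pattern worth escalating, while memory events with no request burst point at an application leak rather than this CVE.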
