CVE-2025-36411

3.5 LOW

📋 TL;DR

IBM ApplinX 11.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to trick authenticated users into performing unauthorized actions on the application. This affects organizations using IBM ApplinX 11.1 for mainframe application access. The vulnerability requires user interaction but can lead to data manipulation or unauthorized operations.

💻 Affected Systems

Products:
  • IBM ApplinX
Versions: 11.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of IBM ApplinX 11.1 are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform administrative actions, modify application configurations, or manipulate sensitive data through authenticated user sessions.

🟠 Likely Case

Attackers could trick users into changing their own settings, submitting unauthorized forms, or performing limited privileged actions.

🟢 If Mitigated

With proper CSRF protections and user awareness, impact is limited to unsuccessful attack attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction and knowledge of application endpoints. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix from IBM Security Bulletin

Vendor Advisory: https://www.ibm.com/support/pages/node/7257446

Restart Required: Yes

Instructions:

1. Review IBM Security Bulletin
2. Download and apply the fix from IBM Fix Central
3. Restart ApplinX services
4. Verify the fix is applied

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax attributes on session cookies

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with CSRF protection rules
  • Educate users about phishing risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check if running IBM ApplinX 11.1 without the security fix applied

Check Version:

Check ApplinX administration console or configuration files for version information

Verify Fix Applied:

Confirm that the installed version/patch level matches the IBM Security Bulletin, then test that state-changing requests submitted without a valid anti-CSRF token are rejected

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user without CSRF tokens
  • Unexpected administrative actions in audit logs

Network Indicators:

  • Requests with missing or invalid anti-CSRF headers
  • Cross-origin requests to sensitive endpoints

SIEM Query:

source="applinx" AND (action="modify" OR action="delete" OR action="admin") AND NOT csrf_token=*
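An added example (not IBM's code or tooling) that applies the log and network indicators above to a few constructed JSON-lines access-log entries: state-changing requests are flagged when the anti-CSRF header is absent, or when Origin/Referer is missing or points to another host. The field names, the x-csrf-token header name, the paths and the application host are assumptions; adjust them to your deployment's actual log layout.

```python
import json
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
CSRF_HEADER = "x-csrf-token"  # assumed anti-CSRF header name (adjust to your deployment)

def is_cross_origin(entry, app_host):
    """True when the Origin (or, failing that, Referer) host differs from the app host."""
    src = entry.get("origin") or entry.get("referer")
    if not src:
        return False  # absence is reported separately by classify()
    return urlsplit(src).hostname != app_host

def classify(entry, app_host):
    """Return the CSRF-related indicators that apply to one access-log entry."""
    flags = []
    if entry.get("method", "GET").upper() not in STATE_CHANGING:
        return flags  # reads cannot change state; nothing to flag
    if not entry.get(CSRF_HEADER):
        flags.append("missing_csrf_token")
    if is_cross_origin(entry, app_host):
        flags.append("cross_origin_request")
    if not (entry.get("origin") or entry.get("referer")):
        flags.append("no_origin_or_referer")
    return flags

def scan(log_text, app_host="applinx.example.internal"):
    """Return (user, method, path, flags) for every entry worth an analyst's attention."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        flags = classify(entry, app_host)
        if flags:
            hits.append((entry.get("user"), entry["method"], entry["path"], flags))
    return hits

# Constructed sample log (JSON lines); not real ApplinX output.
SAMPLE_LOG = """
{"user": "alice", "method": "GET", "path": "/applinx/session", "origin": "https://applinx.example.internal"}
{"user": "alice", "method": "POST", "path": "/applinx/admin/config", "x-csrf-token": "a1b2c3", "origin": "https://applinx.example.internal"}
{"user": "alice", "method": "POST", "path": "/applinx/admin/config", "referer": "https://third-party.example/page.html"}
{"user": "bob", "method": "DELETE", "path": "/applinx/admin/users/42"}
"""

if __name__ == "__main__":
    for user, method, path, flags in scan(SAMPLE_LOG):
        print(f"{user} {method} {path}: {', '.join(flags)}")
```

Only the two entries that change state without a token are reported; the authenticated GET and the same-origin POST carrying a token stay quiet.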