CVE-2025-36059

EUVD-2026-3358
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
ibmCNA
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_automation_workflow
24.0.0
ibmbusiness_automation_workflow
24.0.0:if001
ibmbusiness_automation_workflow
24.0.0:if002
ibmbusiness_automation_workflow
24.0.0:if003
ibmbusiness_automation_workflow
24.0.0:if004
ibmbusiness_automation_workflow
24.0.0:if005
ibmbusiness_automation_workflow
24.0.0:if006
ibmbusiness_automation_workflow
24.0.1
ibmbusiness_automation_workflow
24.0.1:if001
ibmbusiness_automation_workflow
24.0.1:if002
ibmbusiness_automation_workflow
24.0.1:if004
ibmbusiness_automation_workflow
24.0.1:if005
ibmbusiness_automation_workflow
25.0.0
ibmbusiness_automation_workflow
25.0.0:if001
ibmbusiness_automation_workflow
25.0.0:if002
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7256777