IBM webMethods Integration Deserialization Vulnerability Leading to Arbitrary Code Execution

Vulnerability

A vulnerability exists in IBM webMethods Integration versions 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6. An authenticated user can exploit it to execute arbitrary code on the system; the root cause is the deserialization of untrusted object graph data.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users are advised to upgrade to IBM webMethods Integration IS_10.11_Core_Fix23 or later, IS_10.15_Core_Fix23 or later, or IS_11.1_Core_Fix7 or later. These fixes can be downloaded and installed via the IBM webMethods Update Manager. For more information on downloading webMethods software, refer to the IBM Support page node 7232491.
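The vendor fix is the upgrade above. As a defence-in-depth illustration of the vulnerability class named on this page (deserialization of an untrusted object graph), the following Java example is added here; it is not IBM's code, not the webMethods patch, and makes no claim about which webMethods component deserializes the data. It assumes a generic Java component that reads serialized objects from an untrusted byte stream and shows how a JEP 290 ObjectInputFilter with an allow list and a depth limit rejects any class or nesting that the receiver did not expect. The Message class and the sample payloads are constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Set;

public class SafeDeserializationDemo {

    // Constructed payload type for the demo; stands in for whatever the receiver expects.
    static final class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        final int priority;
        Message(String id, int priority) { this.id = id; this.priority = priority; }
    }

    // Only these classes may appear anywhere in the incoming object graph.
    // Strings are filtered too since Java 9, so java.lang.String must be listed.
    static final Set<String> ALLOWED = Set.of(
        "SafeDeserializationDemo$Message", "java.lang.String");

    // Cap graph depth so deeply nested payloads are rejected before they are built.
    static final int MAX_DEPTH = 4;

    static ObjectInputFilter allowListFilter() {
        return info -> {
            if (info.depth() > MAX_DEPTH) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> c = info.serialClass();
            if (c == null) {
                // Non-class events (e.g. array length checks): let other limits decide.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            while (c.isArray()) {
                c = c.getComponentType(); // judge arrays by their element type
            }
            if (c.isPrimitive() || ALLOWED.contains(c.getName())) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            // Anything not on the allow list is refused; the stream throws
            // InvalidClassException and the object is never instantiated.
            return ObjectInputFilter.Status.REJECTED;
        };
    }

    // Deserialize with the filter installed before the first readObject call.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowListFilter());
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Expected payload type: accepted.
        Message m = (Message) deserialize(serialize(new Message("order-42", 3)));
        System.out.println("accepted: " + m.id + " priority=" + m.priority);

        // Unexpected type (a HashMap stands in for any class the receiver did not
        // anticipate): rejected by the filter before construction.
        try {
            deserialize(serialize(new HashMap<String, String>()));
            System.out.println("unexpected: HashMap was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is installed per stream here; the same policy can be applied process-wide with the jdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter, which is the usual choice when third-party code opens its own streams. Keep the allow list to the exact types the receiver expects rather than broad package wildcards.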

Added: Nov 20, 2025, 11:21 PM
Updated: Nov 20, 2025, 11:21 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:        10.0
exploitability: 5.2
remediation:    7.7
relevance:      1.1
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.