CVE-2025-36097 in WebSphere Application Server

Summary

by MITRE • 07/16/2025

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources.


Analysis

by VulDB Data Team • 12/22/2025

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 contain a critical stack-based buffer overflow that enables remote denial of service. The flaw stems from insufficient input validation in the server's request processing pipeline: specially crafted requests trigger memory corruption through a stack overflow condition. It lies in the server's handling of incoming HTTP requests, particularly when malformed or oversized payloads exceed allocated buffer boundaries. When exploited, an unauthenticated remote attacker can cause the server to consume excessive memory, leading to instability and potentially complete service disruption. The overflow occurs while parsing request parameters or headers, where the server fails to bounds-check user-supplied data before copying it into fixed-size stack buffers. The weakness maps to CWE-121 (Stack-based Buffer Overflow), classified as a critical weakness in the Common Weakness Enumeration catalog. The operational impact extends beyond simple service interruption, because the memory consumption can cascade into failures across dependent systems and applications on the same infrastructure. Exploitation uses standard network-based techniques and requires neither elevated privileges nor authentication credentials. Both the traditional WebSphere Application Server 9.0 release and the Liberty versions in the stated range are affected, indicating a widespread impact across IBM's application server portfolio.

From an adversary perspective, the flaw aligns with ATT&CK technique T1499.004 Network Denial of Service, in which attackers consume system resources to make services unavailable to legitimate users. The memory consumption pattern suggests the overflow may drive the server into continuous memory allocation attempts, potentially causing crashes or forced restarts that take considerable time to recover from. Exploitation requires minimal technical expertise and can be automated, which makes the flaw particularly dangerous in production environments where availability is critical. Organizations should prioritize immediate patching of affected systems and use network segmentation to limit exposure while mitigations are deployed. Root cause analysis points to inadequate defensive programming in the server's input handling, where traditional protections such as stack canaries or address space layout randomization are either absent or insufficiently implemented. The vulnerability is a significant risk to enterprise environments in which WebSphere Application Server is a core component of business-critical applications and services.
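The patching guidance above starts with knowing which hosts sit inside the affected range. The following is an added example (not VulDB or IBM code) that checks an asset inventory against the version ranges stated in this entry; the inventory rows, the "liberty"/"traditional" product labels and the treatment of every 9.0.x fix pack as "9.0" are assumptions made here.

```python
"""Flag inventory entries that fall in the affected ranges for CVE-2025-36097."""
from typing import List, Tuple

Version = Tuple[int, ...]

def parse_version(text: str) -> Version:
    """Turn a dotted numeric version such as '25.0.0.7' into a comparable tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

# Affected ranges exactly as given in the advisory text.
LIBERTY_FIRST = parse_version("17.0.0.3")
LIBERTY_LAST = parse_version("25.0.0.7")
TRADITIONAL_MAJOR_MINOR = (9, 0)   # assumption: any 9.0.x fix pack counts as "9.0"

def is_affected(product: str, version: str) -> bool:
    """Return True when the (product, version) pair is inside an affected range."""
    v = parse_version(version)
    if product == "liberty":
        # Tuple comparison orders 17.0.0.3 < 17.0.0.10 correctly (unlike string compare).
        return LIBERTY_FIRST <= v <= LIBERTY_LAST
    if product == "traditional":
        return v[:2] == TRADITIONAL_MAJOR_MINOR
    raise ValueError(f"unknown product label: {product!r}")

# Constructed sample inventory: (host, product label, reported version).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("app-01", "liberty", "25.0.0.7"),     # last affected Liberty release
    ("app-02", "liberty", "25.0.0.8"),     # first release past the range
    ("app-03", "liberty", "17.0.0.2"),     # just before the range starts
    ("app-04", "traditional", "9.0.5.22"), # traditional 9.0 fix pack
    ("app-05", "traditional", "8.5.5.24"), # not in the advisory's range
]

def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hostnames that need the vendor fix, in inventory order."""
    return [host for host, product, version in inventory if is_affected(product, version)]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2025-36097, schedule patching")
```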

Responsible: IBM

Reservation: 04/15/2025

Disclosure: 07/16/2025

Moderation: accepted

CPE: ready

EPSS: 0.00399

KEV: no

Activities: very low
