Skip to main content

IBM CVE-2025-36410

LOW
Client-Side Enforcement of Server-Side Security (CWE-602)
2026-01-20 psirt@us.ibm.com
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 20, 2026 - 16:16 nvd
LOW 3.1

DescriptionCVE.org

IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.

AnalysisAI

Applinx versions up to 11.1.0 contains a vulnerability that allows attackers to an authenticated user to perform unauthorized administrative actions on the serv (CVSS 3.1).

Technical ContextAI

affects Applinx. IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2025-36410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy