How to fix EUVD-2025-18661?

Within 24 hours: Inventory all webMethods Integration Server instances and versions in production and non-production environments; restrict network access to these systems to known trusted sources only. Within 7 days: Implement WAF rules to block XXE payloads in XML requests; disable XML external entity processing where possible; apply the strictest input validation on XML data. Within 30 days: Contact IBM for patch availability and emergency support; evaluate migration to patched versions or alternative integration platforms; conduct forensic review of access logs for exploitation attempts.

Is Webmethods Integration affected by EUVD-2025-18661?

IBM webMethods Integration Server instances across versions 10.5, 10.7, 10.11, and 10.15 are vulnerable to remote code execution through XML processing attacks.

EUVD-2025-18661

| CVE-2025-36049 HIGH

2025-06-18 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 22:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:49 euvd

EUVD-2025-18661

CVE Published

Jun 18, 2025 - 16:15 nvd

HIGH 8.8

Description

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

Analysis

CVE-2025-36049 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical Context

CWE-611 (XML External Entity). CVSS 8.8 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

EUVD-2025-18661 vulnerability details – vuln.today

Back

EUVD-2025-18661

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18661

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code