What is the CVSS score of EUVD-2025-18661?

EUVD-2025-18661 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Webmethods Integration are affected by EUVD-2025-18661?

IBM webMethods Integration Server instances across versions 10.5, 10.7, 10.11, and 10.15 are vulnerable to remote code execution through XML processing attacks.

How to fix or mitigate EUVD-2025-18661?

Within 24 hours: Inventory all webMethods Integration Server instances and versions in production and non-production environments; restrict network access to these systems to known trusted sources only. Within 7 days: Implement WAF rules to block XXE payloads in XML requests; disable XML external entity processing where possible; apply the strictest input validation on XML data. Within 30 days: Contact IBM for patch availability and emergency support; evaluate migration to patched versions or alternative integration platforms; conduct forensic review of access logs for exploitation attempts.

Webmethods Integration EUVD-2025-18661

| CVE-2025-36049 HIGH

Improper Restriction of XML External Entity Reference (CWE-611)

2025-06-18 psirt@us.ibm.com

XXE IBM Webmethods Integration

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 22:49 euvd

EUVD-2025-18661

Analysis Generated

Mar 14, 2026 - 22:49 vuln.today

CVE Published

Jun 18, 2025 - 16:15 nvd

HIGH 8.8

DescriptionCVE.org

IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15

is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.

AnalysisAI

CVE-2025-36049 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-611 (XML External Entity). CVSS 8.8 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-18661 vulnerability details – vuln.today

Back

Webmethods Integration EUVD-2025-18661

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code