Unrated severityNVD Advisory· Published Nov 6, 2025· Updated Nov 6, 2025

Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -

CVE-2025-36054

Description

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected products

IBM/Business Automation Workflow containersv5
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*
Range: 24.0.0
IBM/Business Automation Workflow traditional with Process Federation Serverv5
cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*
Range: 24.0.0
IBM/Business Automation Workflowllm-fuzzy
Range: 24.0.0 <= version <= 24.0.0-IF006; 24.0.1 <= version <= 24.0.1-IF004; 25.0.0 <= version <= 25.0.0-IF001; also containers? traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7250261mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000