Unrated severityNVD Advisory· Published Jul 23, 2025· Updated Aug 18, 2025

IBM Db2 Mirror for i cross-site websocket hijacking

CVE-2025-36116

Description

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

Affected products

IBM/Db2 Mirror for iv5
cpe:2.3:a:ibm:db2_mirror_for_i:7.4:*:*:*:*:*:*:*
Range: 7.4, 7.5, 7.6
IBM/Db2 Mirror for illm-fuzzy
Range: 7.4, 7.5, 7.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7240351mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000