Unrated severityNVD Advisory· Published Dec 15, 2025· Updated Dec 15, 2025

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability

CVE-2025-36360

Description

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated, potentially enabling unauthorized access under certain network conditions.

Affected products

IBM/UCD - IBM DevOps Deployv5
cpe:2.3:a:ibm:ucd___ibm_devops_deploy:8.0:*:*:*:*:*:*:*
Range: 8.0
IBM/UCD - IBM UrbanCode Deployv5
cpe:2.3:a:ibm:ucd___ibm_urbancode_deploy:7.1:*:*:*:*:*:*:*
Range: 7.1
HCL DevOps Deploy/Hcl Devops Deployllm-fuzzy
Range: 8.0-8.0.1.10, 8.1-8.1.2.3
IBM/Urbancode Deployllm-fuzzy
Range: 7.1-7.1.2.27, 7.2-7.2.3.20, 7.3-7.3.2.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7254661mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000