Unrated severityNVD Advisory· Published Oct 24, 2025· Updated Oct 25, 2025

IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA

CVE-2025-36361

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Affected products

IBM/App Connect Enterprisev5
cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
Range: 13.0.1.0
IBM/App Connect Enterprisellm-create
Range: 12.0.1.0 through 12.0.12.17, 13.0.1.0 through 13.0.4.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7249061mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000