Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-36116

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

Published

2025-07-23T15:15:31.690

Last Modified

2025-08-07T14:36:55.043

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-1385

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	db2_mirror_for_i	7.4	Yes
Application	ibm	db2_mirror_for_i	7.5	Yes
Application	ibm	db2_mirror_for_i	7.6	Yes

References

https://www.ibm.com/support/pages/node/7240351 Vendor Advisory ([email protected])