CVE-2025-13333 (GCVE-0-2025-13333)
Vulnerability from cvelistv5 – Published: 2026-02-17 22:45 – Updated: 2026-02-18 20:41
Title
IBM WebSphere Application Server could provide weaker than expected security
Summary
IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.
Severity
4.4 (Medium)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
ibm
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7260217 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | WebSphere Application Server | Affected: 9.0, ≤ 9.0.5.27 (semver) |
| IBM | WebSphere Application Server | Affected: 8.5, ≤ 8.5.5.29 (semver) |

CPEs:
- cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:41:47.988272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:41:58.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:9.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server:8.5.0:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "9.0.5.27",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.5.29",
"status": "affected",
"version": "8.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T22:45:10.891Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7260217"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH68976.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor IBM WebSphere Application Server traditional:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V9.0.0.0 through 9.0.5.26:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u0026nbsp;and \u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u003c/strong\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 9.0.5.27 or later (targeted availability 1Q2026) and \u003cstrong\u003ecarefully follow the instructions in \u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;for steps required after fixpack installation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor V8.5.0.0 through 8.5.5.29:\u003c/strong\u003e\u003cbr\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u0026nbsp;and \u003cstrong\u003ecarefully follow the instructions for steps required after fix installation.\u003c/strong\u003e\u003cbr\u003e--OR--\u003cbr\u003e\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 
3Q2026) and \u003cstrong\u003ecarefully follow the instructions in \u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7260117\"\u003ePH68976\u003c/a\u003e\u003cstrong\u003e\u0026nbsp;for steps required after fixpack installation.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH68976.\n\nAttention: After installing the interim fix or fixpack, please follow the additional instructions provided in the interim fix link referenced below to complete the remediation.\u00a0\n\nFor IBM WebSphere Application Server traditional:\n\nFor V9.0.0.0 through 9.0.5.26:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0and carefully follow the instructions for steps required after fix installation.\n--OR--\n\u00b7 Apply Fix Pack 9.0.5.27 or later (targeted availability 1Q2026) and carefully follow the instructions in PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0for steps required after fixpack installation.\n\nFor V8.5.0.0 through 8.5.5.29:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0and carefully follow the instructions for steps required after fix installation.\n--OR--\n\u00b7 Apply Fix Pack 8.5.5.30 or later (targeted availability 3Q2026) and carefully follow the instructions in PH68976 https://www.ibm.com/support/pages/node/7260117 \u00a0for steps required after fixpack installation.\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server could provide weaker than expected security",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13333",
"datePublished": "2026-02-17T22:45:10.891Z",
"dateReserved": "2025-11-17T19:53:28.144Z",
"dateUpdated": "2026-02-18T20:41:58.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-13333\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-02-17T23:16:18.150\",\"lastModified\":\"2026-02-18T17:51:53.510\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere Servidor de Aplicaciones 9.0 y 8.5 podr\u00edan proporcionar seguridad m\u00e1s d\u00e9bil de lo esperado durante la administraci\u00f3n del sistema de la configuraci\u00f3n de seguridad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-358\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7260217\",\"source\":\"psirt@us.ibm.com\"}]}}"
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.