DIVD-2025-00034 - Remote Code Execution in IBM WebSphere version 8.5 and 9.0
| Our reference | DIVD-2025-00034 |
| Case lead | Victor Pasman |
| Researcher(s) | |
| CVE(s) | |
| Product | IBM WebSphere |
| Versions | IBM WebSphere versions below 9.0.5.24 8.5.5.27 |
| Recommendation | Update to versions 8.5.5.28 and 9.0.5.25 or later |
| Patch status | Fully patched |
| Workaround | None |
| Status | Closed |
| Last modified | 08 Sep 2025 14:53 CEST |
Summary
The IBM WebSphere contains a critical Remote Code Execution (RCE) vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. Successful exploitation can result in full system compromise, including access to credentials, sensitive data, and hosted servers. The issue has been resolved in version 8.5.5.28 and 9.0.5.25 of the IBM WebSphere. It is strongly recommended to update to the latest version as soon as possible.
What you can do
It is strongly advised that all impacted organisations immediately update their IBM WebSpehere installations to the latest available version (8.5.5.28 or 9.0.5.25) as described in the following Advisory.
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of IBM WebSphere and to notify these parties.
Timeline
| Date | Description |
|---|---|
|
01 Jul 2025- 01 Jul 2025 |
IBM published the vulnerability |
|
04 Jul 2025- 04 Jul 2025 |
DIVD starts scanning the internet for open IBM WebSphere instances. |
|
09 Jul 2025- 09 Jul 2025 |
DIVD sent out a first batch of notifications. |
|
20 Aug 2025- 20 Aug 2025 |
DIVD starts scanning the internet for open IBM WebSphere instances for the second time. |
|
20 Aug 2025- 20 Aug 2025 |
DIVD sent out a second batch of notifications. |
|
08 Sep 2025- 08 Sep 2025 |
DIVD starts scanning the internet for open IBM WebSphere instances for the third time. |
|
08 Sep 2025- 08 Sep 2025 |
DIVD sent out a third batch of notifications. |
|
08 Sep 2025- 08 Sep 2025 |
Case closed |