
DIVD-2025-00034 - Remote Code Execution in IBM WebSphere version 8.5 and 9.0

Our reference DIVD-2025-00034
Case lead Victor Pasman
Researcher(s)
CVE(s)
Product IBM WebSphere
Versions IBM WebSphere versions below 9.0.5.24 and 8.5.5.27
Recommendation Update to versions 8.5.5.28 and 9.0.5.25 or later
Patch status Fully patched
Workaround None
Status Closed
Last modified 08 Sep 2025 14:53 CEST

Summary

IBM WebSphere contains a critical Remote Code Execution (RCE) vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. Successful exploitation can result in full system compromise, including access to credentials, sensitive data, and hosted servers. The issue has been resolved in versions 8.5.5.28 and 9.0.5.25 of IBM WebSphere. It is strongly recommended to update to the latest version as soon as possible.

What you can do

It is strongly advised that all impacted organisations immediately update their IBM WebSphere installations to the latest available version (8.5.5.28 or 9.0.5.25) as described in the following Advisory.
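To find which installations still need the update, the sketch below triages an inventory against the fixed versions given in the Recommendation above (8.5.5.28 and 9.0.5.25). It is an added example, not DIVD or IBM code; the host names, the "host,version" inventory format and the status labels are assumptions made for illustration.

```python
# Fixed versions per branch, taken from the advisory's Recommendation line.
FIXED = {(8, 5): (8, 5, 5, 28), (9, 0): (9, 0, 5, 25)}

def parse_version(text):
    """Return (a, b, c, d) as ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Classify one version string against the advisory's fixed versions."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # check this host by hand
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-covered"      # branch not named in this advisory
    # Compare as integer tuples: as plain strings "8.5.5.9" sorts after
    # "8.5.5.28", which would wrongly mark an old fix pack as patched.
    return "patched" if version >= fixed else "needs-update"

def triage(inventory_text):
    """Map each host in 'host,version' lines to its status."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """\
# host,version
was-prod-01,9.0.5.24
was-prod-02,9.0.5.25
was-legacy-01,8.5.5.9
was-legacy-02,8.5.5.28
was-test-01,9.0.5
was-other-01,7.0.0.45
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:15} {status}")
```

Hosts reported as "unparseable" or "not-covered" are not cleared by this check and need a manual look.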

What we are doing

DIVD is currently working to identify parties that are running a vulnerable version of IBM WebSphere and to notify these parties.

Timeline

Date - Description
01 Jul 2025 - IBM published the vulnerability
04 Jul 2025 - DIVD starts scanning the internet for open IBM WebSphere instances.
09 Jul 2025 - DIVD sent out a first batch of notifications.
20 Aug 2025 - DIVD starts scanning the internet for open IBM WebSphere instances for the second time.
20 Aug 2025 - DIVD sent out a second batch of notifications.
08 Sep 2025 - DIVD starts scanning the internet for open IBM WebSphere instances for the third time.
08 Sep 2025 - DIVD sent out a third batch of notifications.
08 Sep 2025 - Case closed

More information