DIVD-2025-00034 - Remote Code Execution in IBM WebSphere version 8.5 and 9.0
Our reference | DIVD-2025-00034 |
Case lead | Victor Pasman |
Researcher(s) | |
CVE(s) | |
Product | IBM WebSphere |
Versions | IBM WebSphere versions below 9.0.5.24 and 8.5.5.27 |
Recommendation | Update to versions 8.5.5.28 and 9.0.5.25 or later |
Patch status | Fully patched |
Workaround | None |
Status | Open |
Last modified | 09 Jul 2025 10:21 CEST |
Summary
IBM WebSphere contains a critical Remote Code Execution (RCE) vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. Successful exploitation can result in full system compromise, including access to credentials, sensitive data, and hosted servers. The issue has been resolved in versions 8.5.5.28 and 9.0.5.25 of IBM WebSphere. It is strongly recommended to update to the latest version as soon as possible.
What you can do
It is strongly advised that all impacted organisations immediately update their IBM WebSphere installations to the latest available version (8.5.5.28 or 9.0.5.25) as described in the following Advisory.
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of IBM WebSphere and to notify these parties.
Timeline
Date | Description |
---|---|
01 Jul 2025 | IBM published the vulnerability |
04 Jul 2025 | DIVD starts scanning the internet for open IBM WebSphere instances. |
09 Jul 2025 | DIVD sent out a first batch of notifications. |