Authors: Created by IBM


IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled.

CVEID: CVE-2025-36124[1]
DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.
CWE: CWE-268: Privilege Chaining[2]
...
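To check whether a Liberty server enables any of the features named above, the following added example (not IBM's code) parses the `<featureManager>` block of a server.xml document. It assumes feature names match case-insensitively and inspects only the text it is given, so included files and configDropins must be checked separately; both sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Feature names copied from the advisory text above.
AFFECTED_FEATURES = (
    "wasJmsServer-1.0", "wasJmsSecurity-1.0", "wasJmsClient-2.0",
    "messagingServer-3.0", "messagingSecurity-3.0", "messagingClient-3.0",
)
# Assumption: feature names are compared case-insensitively.
_BY_LOWER = {name.lower(): name for name in AFFECTED_FEATURES}


def affected_features(server_xml_text):
    """Return the sorted advisory-listed features enabled in one server.xml."""
    root = ET.fromstring(server_xml_text)
    found = set()
    for manager in root.iter("featureManager"):
        for feature in manager.findall("feature"):
            name = (feature.text or "").strip().lower()
            if name in _BY_LOWER:
                found.add(_BY_LOWER[name])
    return sorted(found)


# Constructed sample: two advisory-listed features, one with odd casing/spacing.
SAMPLE_AFFECTED = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-6.0</feature>
    <feature> messagingServer-3.0 </feature>
    <feature>MessagingSecurity-3.0</feature>
  </featureManager>
</server>"""

# Constructed sample: no JMS messaging features enabled.
SAMPLE_CLEAN = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-6.0</feature>
    <feature>jsonp-2.1</feature>
  </featureManager>
</server>"""

if __name__ == "__main__":
    for label, text in (("affected", SAMPLE_AFFECTED), ("clean", SAMPLE_CLEAN)):
        hits = affected_features(text)
        print(label, "->", hits if hits else "no advisory-listed features")
```

A non-empty result means the server is in scope for CVE-2025-36124 and should be reviewed against IBM's bulletin for remediation.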
