CVE-2025-14150 PUBLISHED

IBM webMethods Integration Sever is affected by

Assigner: ibm
Reserved: 05.12.2025 Published: 05.02.2026 Updated: 05.02.2026

IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	webMethods Integration (on prem) - Integration Server
Versions	affected from 10.15 to IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now by applying the mentioned core fixes or later core fixes for the affected versions and following the respective readme document.

IS_10.15_Core_Fix25 or later IS_11.1_Core_Fix9 or later

Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software ( https://www.ibm.com/support/pages/node/7232491) https://www.ibm.com/support/pages/node/7232491%29

References

https://www.ibm.com/support/pages/node/7259518

Problem Types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE