CVE Catalog

CVE-2025-36359

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The vulnerability in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration. This allows an authenticated user to impersonate another user on the system.

Risk Assessment

The risk involves potential session hijacking, leading to unauthorized access to data and operations within the DevOps system.

Recommendation

It is recommended to immediately update to a version that fixes session invalidation and implement mechanisms enforcing re-authentication after session expiration.

Original NVD description (English source)

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS