¡¾·ì϶¹«¸æ¡¿IBM WebSphere Ô¶³Ì´úÂëÖ´Ðзì϶(CVE-2025-36038)

°ä²¼¹¦·ò 2025-07-03

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

IBM WebSphere Ô¶³Ì´úÂëÖ´Ðзì϶

CVE   ID

CVE-2025-36038

·ì϶ÀàÐÍ

RCE

·¢ÏÖ¹¦·ò

2025-07-03

·ì϶ÆÀ·Ö

9.0

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

¸ß

Óû§½»»¥

²»±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


IBM WebSphereÊÇIBMÌṩµÄÒ»ÌׯóÒµ¼¶ÖÐÑë¼þƽ̨ £¬ÖØÒªÓÃÓÚ¹¹½¨¡¢²¿ÊðºÍÖÎÀí»ùÓÚJavaµÄÀûÓ÷¨Ê½¡£ÆäÖ÷Ìâ×é¼þWebSphere Application Server£¨WAS£©Ö§³ÖJEE³ß¶È £¬¾ß±¸¸ß¿ÉÓÃÐÔ¡¢¿ÉÀ©´óÐԺͰ²È«ÐÔ £¬¿í·ºÀûÓÃÓÚ½ðÈÚ¡¢µçÐÅ¡¢µ±¾ÖµÈ¹Ø¼üÐÐÒµµÄÆóÒµ¼¶ÏµÍ³ÖС£


2025Äê7ÔÂ3ÈÕ £¬28Ȧ¼¯ÍÅVSRC¼à²âµ½IBM WebSphere Application Server´æÔÚÒ»¸öÔ¶³Ì´úÂëÖ´Ðзì϶ £¬Ô­ÒòÊÇϵͳ¶Ô²»ÊÜÐÅÀµÊý¾Ý·´ÐòÁл¯´¦Öò»µ±¡£¹¥»÷Õß¿Éͨ¹ý»ú¹ØÌض¨ÐòÁл¯¶ÔÏó £¬ÔÚÎÞÐèÈÏÖ¤ºÍÓû§½»»¥µÄÇé¿öÏÂÔ¶³ÌÖ´ÐÐËÁÒâ´úÂë £¬½ø¶øÆëÈ«½ÚÔìÊÜÓ°Ïìϵͳ¡£¹¥»÷¸´ÔӶȸߵ«Ò»µ©³É¹¦¿ÉÔì³ÉÑϳÁºó¹û¡£


¶þ¡¢Ó°ÏìÁìÓò


8.5.0.0 ¡Ü IBM WebSphere Application Server ¡Ü 8.5.5.27  
9.0.0.0 ¡Ü IBM WebSphere Application Server ¡Ü 9.0.5.24¡£


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


½¨ÒéÓû§ÓÅÏÈͨ¹ý×°ÖÃÓÃÓÚ½¨¸´APAR PH66674µÄInterim Fix²¹¶¡À´½¨¸´¸Ã·ì϶¡£ÔÚ´Ë֮ǰ £¬Ó¦ÏȽ«IBM WebSphere Application ServerÉý¼¶ÖÁËùÐèµÄ×îµÍFix Pack°æ±¾ £¬ºÏÓÃÓÚ8.5.0.0ÖÁ8.5.5.27ºÍ9.0.0.0ÖÁ9.0.5.24°æ±¾µÄÓû§¡£


Áí¿ÉÑ¡ÔñÖ±½ÓÉý¼¶ÖÁÔ̺¬½¨¸´µÄÕýʽ°æ±¾ £¬ÆäÖÐWebSphere 8.5Óû§¿ÉÉý¼¶ÖÁFix Pack 8.5.5.28»ò¸ü¸ß°æ±¾ £¬WebSphere 9.0Óû§¿ÉÉý¼¶ÖÁFix Pack 9.0.5.25»ò¸ü¸ß°æ±¾£¨¾ù´òËãÓÚ2025ÄêµÚÈý¼¾¶È°ä²¼£©¡£


ÏÂÔØÁ´½Ó£ºhttps://www.ibm.com/support/pages/node/7237824/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


?¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬Ï÷¼õϵͳ·ì϶ £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
?¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì £¬Åú¸Ä·À»ðǽսÊõ £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø £¬Ï÷¼õ¹¥»÷Ãæ¡£
?ʹÓÃÆóÒµ¼¶°²È«²úÆ· £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
?¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£

?ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://www.ibm.com/support/pages/node/7237967
https://nvd.nist.gov/vuln/detail/CVE-2025-36038