IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, and 25.0.0 through 25.0.0-IF001, and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0, are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

| Software | From | Fixed in |
|---|---|---|
| ibm / business_automation_workflow | 24.0.0 | 24.0.0.x |
| ibm / business_automation_workflow | 24.0.0-if001 | 24.0.0-if001.x |
| ibm / business_automation_workflow | 24.0.0-if002 | 24.0.0-if002.x |
| ibm / business_automation_workflow | 24.0.0-if003 | 24.0.0-if003.x |
| ibm / business_automation_workflow | 24.0.0-if004 | 24.0.0-if004.x |
| ibm / business_automation_workflow | 24.0.0-if005 | 24.0.0-if005.x |
| ibm / business_automation_workflow | 24.0.0-if006 | 24.0.0-if006.x |
| ibm / business_automation_workflow | 24.0.1 | 24.0.1.x |
| ibm / business_automation_workflow | 24.0.1-if001 | 24.0.1-if001.x |
| ibm / business_automation_workflow | 24.0.1-if002 | 24.0.1-if002.x |
| ibm / business_automation_workflow | 24.0.1-if004 | 24.0.1-if004.x |
| ibm / business_automation_workflow | 25.0.0 | 25.0.0.x |
| ibm / business_automation_workflow | 25.0.0-if001 | 25.0.0-if001.x |
| ibm / process_federation_server | 24.0.0 | 24.0.0.x |
| ibm / process_federation_server | 24.0.1 | 24.0.1.x |
| ibm / process_federation_server | 25.0.0 | 25.0.0.x |