← back
CVE-2025-36359

IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability.

CVSS 8.1 HIGHCWE-613
Vexday Risk Score
18Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
30 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →