CVE-2025-36361 is a vulnerability classified under CWE-862 (Missing Authorization) affecting IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.17 and 13.0.1.0 through 13.0.4.2. This middleware product facilitates integration between applications and services in enterprise environments. The flaw arises because the software fails to enforce proper authorization checks on customer-defined resources, allowing an authenticated user with limited privileges to perform actions beyond their intended scope. The vulnerability can be exploited remotely over the network without requiring user interaction, but does require the attacker to have some level of authenticated access (low privilege). The CVSS v3.1 base score is 6.3, indicating a medium severity level, reflecting the limited but non-negligible impact on confidentiality, integrity, and availability. Exploitation could lead to unauthorized data access, modification, or disruption of integration workflows, potentially affecting business-critical processes. No public exploits or patches are currently available, so organizations must rely on compensating controls until IBM releases updates. The vulnerability highlights the importance of robust authorization mechanisms in integration platforms that manage sensitive data flows and business logic.

For European organizations, this vulnerability poses a risk to the confidentiality, integrity, and availability of data and processes managed through IBM App Connect Enterprise. Unauthorized actions on integration resources could lead to data leakage, unauthorized data modification, or disruption of automated workflows that connect critical business applications. This could impact sectors relying heavily on integration middleware, such as finance, manufacturing, telecommunications, and public services. The risk is heightened in environments where multiple users have authenticated access but with varying privilege levels, as the missing authorization controls could allow privilege escalation or lateral movement within the integration platform. Although no active exploits are known, the potential for disruption or data compromise warrants proactive mitigation, especially in regulated industries subject to GDPR and other compliance frameworks. The medium severity rating suggests the threat is serious but not critical, emphasizing the need for timely remediation and monitoring.

1. Immediately audit and review user roles and permissions within IBM App Connect Enterprise to ensure the principle of least privilege is enforced, limiting access to only necessary resources. 2. Implement strict access control policies and segregate duties to minimize the risk of unauthorized actions by authenticated users. 3. Monitor logs and user activity for unusual or unauthorized access patterns, focusing on changes to customer-defined resources. 4. Until IBM releases official patches, consider deploying network segmentation and additional authentication layers (e.g., MFA) to reduce the attack surface. 5. Engage with IBM support to obtain guidance on interim mitigations and stay informed about patch availability. 6. Conduct penetration testing and vulnerability assessments targeting authorization controls in the integration environment. 7. Educate administrators and users about the risks of privilege misuse and enforce strong credential management practices.