IBM App Connect Enterprise Sensitive Info Disclosure in Logs (CVE-2025-36133)

Critical Vulnerability Information Vulnerability Details CVE-2025-7338 - Description: Multer is a Node.js middleware for handling . From versions 1.4.4-1 to 2.0.2, a vulnerability exists where attackers can trigger a Denial of Service (DoS) by sending malformed multipart upload requests. This request causes an unhandled exception, leading to process crashes. Users should upgrade to version 2.0.3 to receive the patch. - CVSS Base Score: 7.5 - CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVE-2025-36133 - Description: IBM App Connect Enterprise Certified Container DesignerAuthoring component stores potentially sensitive information in log files during installation, which may be readable by local users within the container. - CVSS Base Score: 5.9 - CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) Affected Products and Versions Remediation App Connect Enterprise Certified Container 12.14.0 (Continuous Delivery): Upgrade to App Connect Enterprise Certified Container Operator version 12.15.0 or higher, and ensure all DesignerAuthoring components are at 13.0.4.2-r1 or higher. App Connect Enterprise Certified Container 12.0 LTS (Long Term Support): Upgrade to App Connect Enterprise Certified Container Operator version 12.0.15 or higher, and ensure all DesignerAuthoring components are at 12.0.12-r15 or higher. Workspaces and Mitigations None Additional Information Release Date: September 1, 2025 Reference Links: - Complete CVSS v3 Guide - Online Calculator v3 - IBM Security Engineering Web Portal - IBM Product Security Incident Response Blog

Goal Reached Thanks to every supporter — we hit 100%!

IBM App Connect Enterprise Sensitive Info Disclosure in Logs (CVE-2025-36133)