IBM Controller 11.1.0-11.1.1 Authenticated DoS via Quantity Size Validation
CVE-2025-36015 Published on December 8, 2025
IBM Controller Denial of Service
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.
Vulnerability Analysis
CVE-2025-36015 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2025-36015
stack.watch emails you whenever new vulnerabilities are published in IBM Controller or IBM Cognos Controller. Just hit a watch button to start following.
Affected Versions
IBM Controller:- Version 11.1.0, <= 11.1.1 is affected.
- Version 11.0.0, <= 11.0.1 FP6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.