RCE in Ibi Webfocus

CVE-2025-11548

A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (37.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References