IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects.
IBM: IBM WebSphere
Exploit
CVE-2025-36038
NVD
Refer to CVE-2025-36038 NVD advisory