IBM i PTF Guide, Volume 27, Number 33
August 25, 2025 Doug Bidwell
It might be a good and convenient thing that the WebSphere Application Server, the Web server embedded in the IBM i platform two and a half decades ago and making it part of the Internet, is based on the open source Apache Web server. But it sure does have a lot of patches. The good news is that because it is open source, it is patched regularly and problems do not fester in obscurity.
In this week’s IBM i PTF Guide, there are a slew of security vulnerabilities related to WebSphere, as there sometimes is. Let’s walk through them all.
First, we have Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36047), and you can see all about it here. Affected products include IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8.
Second, we have Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976), and you can find out more about this issue at this link. The affected products are:
- IBM WebSphere Application Server 9.0
- IBM WebSphere Application Server 8.5
- IBM WebSphere Application Server Liberty 0.0.3 – 25.0.0.8
Third, we have Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142), with more information available here. Affected products are IBM WebSphere Application Server 8.5 and 9.0.
Fourth, we have PH67546: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124 CVSS 5.9), with more details here. The fix for this APAR is targeted for inclusion in WebSphere Application Server Liberty 25.0.0.9.
Fifth, we have Security Bulletin: IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability (CVE-2025-36000), and you can learn more here. IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 are affected by this issue.
And finally, sixth, something not related to WebSphere. We have Security Bulletin: IBM i is affected by errors in OpenSSL resulting in denial-of-service attacks and incorrect X.509 certificate verification due to multiple vulnerabilities. More information is available here. Here are the PTF numbers for the fix by operating system release:
- IBM i 7.6: SJ06752
- IBM i 7.5: SJ06751
- IBM i 7.4: SJ06726
- IBM i 7.3: SJ06726
- IBM i 7.2: SJ06726
Here is the rundown of PTF Groups by IBM i release level we did on August 16:
PTF Groups 7.6:
- HIPERs – High Impact Pervasive
- Group Security
- Java
- Fix list for IBM WebSphere Application Server Liberty
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- PowerHA Tools for IBM i – Full System Replication (FSR)
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- Fix list for IBM WebSphere Application Server Liberty
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- PowerHA Tools for IBM i – Full System Replication (FSR)
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Security
- Fix list for IBM WebSphere Application Server Liberty
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- PowerHA Tools for IBM i – Full System Replication (FSR)
PTF Groups 7.3:
- HIPERs (High Impact/Pervasive)
- Security
- Fix list for IBM WebSphere Application Server Liberty
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- PowerHA Tools for IBM i – Full System Replication (FSR)
New (or Updated) links added to the ‘Links’ tab in The Guide this week:
- PFGREP: Fast IBM i Source Code Search (Seiden Group), N/A
- Services IBM i Services, 1119123
New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:
- None
New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:
- 5250: Customizing Menu Bar in Access Client Solutions 5250 Session Manager, 688133
- 5250: How to Customize the Access Client Solutions 5250 Emulation Menu, 3539763
New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:
- None
New (or Updated) links Redbooks added this week:
- None
New (or Updated) stuff added to REF tab in The Guide this week:
- None
New (or Updated) links in the TAPE tab in The Guide this week:
- None
New (or Updated) links in the WAS tab in The Guide this week:
- WAS: Status of IBM WebSphere Application Server Liberty Repository, 7242288
The Guide at a glance: There were new defectives the week of 08/16/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:
Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.6 No Entries 7.5 07/17/25 SJ05893 DT444556 SJ06457 (When available)(read the recommendations) Read the cover letter-prerequisites 7.4 07/17/25 SJ05892 DT444556 SJ06452 Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 01/27/25 SJ03169 DT422375 SJ03786 (When available)(read the recommendations)
Be sure to access the link in The Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
August 16, 2025: Volume 27, Number 33
August 9, 2025: Volume 27, Number 32
August 2, 2025: Volume 27, Number 31
July 26, 2025: Volume 27, Number 30
July 19, 2025: Volume 27, Number 29
July 12, 2025: Volume 27, Number 28
July 5, 2025: Volume 27, Number 27
June 28, 2025: Volume 27, Number 26
June 21, 2025: Volume 27, Number 25
June 14, 2025: Volume 27, Number 24
June 7, 2025: Volume 27, Number 23
May 31, 2025: Volume 27, Number 22
May 24, 2025: Volume 27, Number 21
May 17, 2025: Volume 27, Number 20
May 10, 2025: Volume 27, Number 19
May 3, 2025: Volume 27, Number 18
April 26, 2025: Volume 27, Number 17
April 21, 2025: Volume 27, Number 16
April 12, 2025: Volume 27, Number 15
April 5, 2025: Volume 27, Number 14
March 29, 2025: Volume 27, Number 13
March 22, 2025: Volume 27, Number 12
March 15, 2025: Volume 27, Number 11
March 8, 2025: Volume 27, Number 10
March 1, 2025: Volume 27, Number 09
February 22, 2025: Volume 27, Number 08
February 15, 2025: Volume 27, Number 07
February 8, 2025: Volume 27, Number 06
February 1, 2025: Volume 27, Number 05
January 25, 2025: Volume 27, Number 04
January 18, 2025: Volume 27, Number 03
January 11, 2025: Volume 27, Number 02
January 04, 2025: Volume 27, Number 01
December 21, 2024: Volume 26, Number 50
December 14, 2024: Volume 26, Number 49
December 7, 2024: Volume 26, Number 48
November 30, 2024: Volume 26, Number 47
November 23, 2024: Volume 26, Number 46
November 16, 2024: Volume 26, Number 45
November 9, 2024: Volume 26, Number 44
November 2, 2024: Volume 26, Number 43
October 26, 2024: Volume 26, Number 42
October 19, 2024: Volume 26, Number 41
October 12, 2024: Volume 26, Number 40
October 9, 2024: Volume 26, Number 39
September 28, 2024: Volume 26, Number 38
September 21, 2024: Volume 26, Number 37
September 14, 2024: Volume 26, Number 36
September 7, 2024: Volume 26, Number 35
August 31, 2024: Volume 26, Number 34
August 24, 2024: Volume 26, Number 33
August 17, 2024: Volume 26, Number 32
August 11, 2024: Volume 26, Number 31
August 3, 2024: Volume 26, Number 30
July 27, 2024: Volume 26, Number 29
July 20, 2024: Volume 26, Number 28
July 13, 2024: Volume 26, Number 27
July 6, 2024: Volume 26, Number 26
June 22, 2024: Volume 26, Number 24
June 15, 2024: Volume 26, Number 23
June 8, 2024: Volume 26, Number 22
June 1, 2024: Volume 26, Number 21
May 25, 2024: Volume 26, Number 20
May 18, 2024: Volume 26, Number 19
May 11, 2024: Volume 26, Number 18
May 4, 2024: Volume 26, Number 17
April 20, 2024: Volume 26, Number 16
April 13, 2024: Volume 26, Number 15
April 6, 2024: Volume 26, Number 14
March 30, 2024: Volume 26, Number 13
March 24, 2024: Volume 26, Number 12
March 16, 2024: Volume 26, Number 11
March 9, 2024: Volume 26, Number 10
March 2, 2024: Volume 26, Number 9
February 24, 2024: Volume 26, Number 8
February 17, 2024: Volume 26, Number 7
February 10, 2024: Volume 26, Number 6
February 3, 2024: Volume 26, Number 5
January 27, 2024: Volume 26, Number 4
January 20, 2024: Volume 26, Number 3
January 13, 2024: Volume 26, Number 2
January 6, 2024: Volume 26, Number 1
December 30, 2023: Volume 25, Number 53
December 30, 2023: Volume 25, Number 53
December 23, 2023: Volume 25, Number 52
December 16, 2023: Volume 25, Number 51
December 9, 2023: Volume 25, Number 50
December 2, 2023: Volume 25, Number 49
November 25, 2023: Volume 25, Number 48
November 18, 2023: Volume 25, Number 47
November 11, 2023: Volume 25, Number 46
November 4, 2023: Volume 25, Number 45
October 28, 2023: Volume 25, Number 44
October 21, 2023: Volume 25, Number 43
October 14, 2023: Volume 25, Number 42
October 7, 2023: Volume 25, Number 41
September 30, 2023: Volume 25, Number 40
September 23, 2023: Volume 25, Number 39
September 16, 2023: Volume 25, Number 38
September 9, 2023: Volume 25, Number 37
September 2, 2023: Volume 25, Number 36
August 26, 2023: Volume 25, Number 35
August 19, 2023: Volume 25, Number 34
