CVE-2025-36145 - Vulnerability Details - OpenCVE

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Watsonxdata

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7272498

History

Tue, 26 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
Title		Multiple Vulnerabilities in watsonx.data
First Time appeared		Ibm Ibm watsonxdata
Weaknesses		CWE-923
CPEs		cpe:2.3:a:ibm:watsonxdata:2.2.0:::::::* cpe:2.3:a:ibm:watsonxdata:2.2:::::::* cpe:2.3:a:ibm:watsonxdata:2.3.1:::::::*
Vendors & Products		Ibm Ibm watsonxdata
References		https://www.ibm.com/support/pages/node/7272498
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-05-26T15:50:54.945Z

Updated: 2026-05-26T17:42:05.425Z

Reserved: 2025-04-15T21:16:19.940Z

Link: CVE-2025-36145

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-26T17:16:28.870

Modified: 2026-05-26T17:16:28.870

Link: CVE-2025-36145

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36145", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:19.940Z", "datePublished": "2026-05-26T15:50:54.945Z", "dateUpdated": "2026-05-26T17:42:05.425Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-05-26T15:50:54.945Z"}, "title": "Multiple Vulnerabilities in watsonx.data", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-923", "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "watsonx.data", "versions": [{"status": "affected", "version": "2.2.0", "lessThanOrEqual": "2.3.1", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:watsonxdata:2.3.1:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7272498", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x. \u00a0Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.x or watsonx.data on CPD 5.3.x.  Installation/upgrade instructions can be found here: <a href=\"https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing\" rel=\"nofollow\">https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing</a></p>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T17:41:52.481115Z", "id": "CVE-2025-36145", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T17:42:05.425Z"}}]}}