CVE-2025-36145

MEDIUM

Multiple Vulnerabilities in watsonx.data

Title source: cna
STIX 2.1

Description

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7272498

Scores

CVSS v3 5.4
EPSS 0.0017
EPSS Percentile 6.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-923
Status published
Products (2)
IBM/watsonx.data 2.2.0 - 2.3.1
ibm/watsonx.data 2.2.0 - 2.3.1
Published May 26, 2026
Tracked Since May 26, 2026