CVE-2025-36222

HIGH

IBM Fusion <2.10.1 - Info Disclosure

Title source: llm

Description

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7244646

Scores

CVSS v3 8.7

EPSS 0.0003

EPSS Percentile 8.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188

Status published

Products (3)

ibm/storage_fusion 2.2.0 - 2.11.0

ibm/storage_fusion_hci 2.2.0 - 2.11.0

ibm/storage_fusion_hci_for_watsonx 2.8.2 - 2.11.0

Published Sep 11, 2025

Tracked Since Feb 18, 2026