CVE-2025-36145

5.4 MEDIUM

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacke...

Published: 2026-05-26 · Last updated: 2026-06-01

Severity and scoring

CVSS: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-923

Affected products

Vendor	Product
ibm	watsonx.data

Description

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-36145
[Vendor advisory]https://www.ibm.com/support/pages/node/7272498

Related CVEs

Same vendor

CVE-2026-4870 — IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontr... (7.5 HIGH)
CVE-2026-7870 — IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call (8.8 HIGH)
CVE-2026-4096 — IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers (6.5 MEDIUM)
CVE-2024-45636 — IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)
CVE-2026-9330 — IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using th... (8.5 HIGH)