CVE-2025-36145 | THREATINT

Description

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

PUBLISHED Reserved 2025-04-15 | Published 2026-05-26 | Updated 2026-05-26 | Assigner ibm

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

Product status

2.2.0 (semver)

affected

References

www.ibm.com/support/pages/node/7272498 vendor-advisory patch

cve.org (CVE-2025-36145)

nvd.nist.gov (CVE-2025-36145)

Download JSON