CVE-2025-36180 | THREATINT

Description

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

PUBLISHED Reserved 2025-04-15 | Published 2026-04-30 | Updated 2026-05-01 | Assigner ibm

MEDIUM: 5.3CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

Product status

2.2.0 (semver)

affected

References

www.ibm.com/support/pages/node/7270593 vendor-advisory patch

cve.org (CVE-2025-36180)

nvd.nist.gov (CVE-2025-36180)

Download JSON