CVE-2025-36222

Description

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-11 | Updated 2025-09-13 | Assigner ibm

Problem types

CWE-1188 Insecure Default Initialization of Resource

Product status

Credits

Robert Hotchkiss finder

References

www.ibm.com/support/pages/node/7244646 vendor-advisory patch

cve.org (CVE-2025-36222)

nvd.nist.gov (CVE-2025-36222)

Download JSON