CVE-2025-36375 | THREATINT

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

PUBLISHED Reserved 2025-04-15 | Published 2026-04-01 | Updated 2026-04-03 | Assigner ibm

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

10.6.1.0 (semver)

affected

10.5.0.0 (semver)

affected

10.6.0.0 (semver)

affected

Credits

Acknowledgement This vulnerability was reported to IBM by Maciej Włodarczyk & Michał Bartoszuk @ STM Cyber. finder

References

www.ibm.com/support/pages/node/7268034 vendor-advisory patch

cve.org (CVE-2025-36375)

nvd.nist.gov (CVE-2025-36375)

Download JSON