CVE-2025-36145— Multiple Vulnerabilities in watsonx.data

CVSS 5.4 · Medium EPSS 0.02% · P7 Updated May 27, 2026

Possible ATT&CK Techniques 1AI

T1048 · Exfiltration Over Alternative Protocol

Affected Version Matrix 1

Vendor	Product	Version Range	Status
IBM	watsonx.data	`2.2.0≤ 2.3.1`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-36145

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Multiple Vulnerabilities in watsonx.data

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通信信道对预期端点的不适当限制

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM Watsonx.data 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM Watsonx.data是美国国际商业机器（IBM）公司的一款开放式数据湖仓平台。 IBM Watsonx.data 2.2版本至2.3.1版本存在安全漏洞，该漏洞源于未正确限制入站和出站连接，可能导致攻击者无限制地传输或修改文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	watsonx.data	2.2.0 ~ 2.3.1	`cpe:2.3:a:ibm:watsonxdata:2.2:::::::*`

II. Public POCs for CVE-2025-36145

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-36145

请登录查看更多情报信息。

Other References for CVE-2025-36145 (1)

https://www.ibm.com/support/pages/node/7272498vendor-advisorypatch

https://nvd.nist.gov/vuln/detail/CVE-2025-36145

Same Patch Batch · IBM · 2026-05-26 · 20 CVEs total

CVE-2026-3660	9.8 CRITICAL	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Byp
CVE-2026-8633	9.8 CRITICAL	IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by
CVE-2026-8855	8.1 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8834	8.0 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8856	7.7 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8850	7.5 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8620	7.5 HIGH	IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by
CVE-2026-8854	7.5 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-8835	7.3 HIGH	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2026-4051	7.2 HIGH	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth R
CVE-2026-3603	7.1 HIGH	IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entit
CVE-2025-36126	6.4 MEDIUM	IBM Cognos Analytics is affected by Cross-site scripting.
CVE-2026-8852	6.2 MEDIUM	IBM HTTP Server is affected by multiple vulnerabilities
CVE-2025-13755	5.5 MEDIUM	IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase
CVE-2025-36148	5.4 MEDIUM	IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to c
CVE-2025-14290	5.4 MEDIUM	IBM webMethods Integration Sever is vulnerable to server-side request forgery
CVE-2025-36221	5.3 MEDIUM	Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
CVE-2025-36220	4.3 MEDIUM	Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
CVE-2026-9170		IBM HTTP Server is affected by multiple vulnerabilities

IV. Related Vulnerabilities

Same product: watsonx.data

Same vendor: IBM

Same weakness: CWE-923

V. Comments for CVE-2025-36145

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-36145— Multiple Vulnerabilities in watsonx.data

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2025-36145

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-36145

III. Intelligence Information for CVE-2025-36145

Other References for CVE-2025-36145 (1)

Same Patch Batch · IBM · 2026-05-26 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-36145

Leave a comment