CVE-2025-36093

Summary

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak For Business Automation25.0.0affected
IBMCloud Pak For Business Automation24.0.1affected
IBMCloud Pak For Business Automation24.0.0affected

Weaknesses

  • CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security

Workarounds

Workarounds and Mitigations None.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References