CVE-2025-36145

Summary

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.

Affected Software

VendorProductVersion RangeStatus
IBMwatsonx.data2.2.0 <= 2.3.1affected

Weaknesses

  • CWE-923: CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References