CVE-2025-36180

Summary

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

Affected Software

VendorProductVersion RangeStatus
IBMwatsonx.data2.2.0 <= 2.3.0affected

Weaknesses

  • CWE-923: CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References