CVE-2025-36375
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | DataPower Gateway 10.6CD | 10.6.1.0 <= 10.6.5.0 | affected |
| IBM | DataPower Gateway 10.5.0 | 10.5.0.0 <= 10.5.0.20 | affected |
| IBM | DataPower Gateway 10.6.0 | 10.6.0.0 <= 10.6.0.8 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.