CVE Catalog

CVE-2025-36327

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security.

Risk Assessment

The risk is that an authenticated user may gain access to functions or data they are not authorized to, potentially leading to a breach of confidentiality, integrity, or availability of the system.

Recommendation

It is recommended to immediately update IBM watsonx.data intelligence to the latest available version that includes a fix for this vulnerability, and to implement server-side security enforcement mechanisms.

Original NVD description (English source)

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS