CVE-2025-36180

MEDIUM
Published Apr 30, 2026 Modified May 12, 2026 CWE-923

Description

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

CVSS v3.1 Score

5.3
MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS — Exploit Prediction

0.0004
Probability of exploitation
0.14%
Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-923 CWE-923

Affected Products

Vendor Product
ibm watsonx.data

References

Frequently Asked Questions

What is CVE-2025-36180? +
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. It has a CVSS v3.1 base score of 5.3 (MEDIUM).
How severe is CVE-2025-36180? +
CVE-2025-36180 has a CVSS v3.1 score of 5.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0004, placing it in the 0th percentile for exploitation probability.
What products are affected by CVE-2025-36180? +
CVE-2025-36180 affects products from ibm, specifically: watsonx.data. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-36180? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-46566 9.8

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the …
CVE-2024-41889 9.8

Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by …
CVE-2023-28078 9.1

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated …
CVE-2025-48999 8.8

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior …
CVE-2025-20261 8.8

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS …
CVE-2024-26131 8.4

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-36180 — free, no signup required.

Start Free Scan