
CVE-2025-36180: Medium Vulnerability in IBM watsonx.data

A medium-severity vulnerability has been identified in IBM watsonx.data versions 2.2 through 2.3. This issue involves inadequate restrictions in pod communication, which could lead to unauthorized data transfers. Organizations should prioritize remediation to mitigate risks associated with this vulnerability.

Severity: Medium · CVSS 5.3 · Published April 30, 2026


IBM watsonx.data versions 2.2 through 2.3 contain a medium-severity vulnerability due to improper restrictions on communication between pods. This vulnerability allows attackers to transfer data between pods without restrictions, which could lead to unauthorized access to sensitive information. The CVSS score for this vulnerability is 5.3, indicating a medium level of severity that organizations should address.

The risk to organizations includes the potential for data exfiltration and integrity issues, as attackers may leverage this vulnerability to manipulate or access sensitive data within the affected pods. Despite a moderate exploitability score, the potential impacts warrant immediate attention, especially in environments where sensitive data is processed.

Organizations should prioritize patching immediately. Failure to address this vulnerability could result in significant data exposure and loss of integrity. It is crucial for security teams to implement a remediation plan to mitigate the risks associated with this vulnerability.

As of now, there are no public exploits confirmed for this vulnerability, which offers a window of opportunity for organizations to implement necessary patches before potential exploitation occurs.

Vulnerability Details

The vulnerability identified as CVE-2025-36180 affects IBM watsonx.data versions 2.2 through 2.3. According to the official description, the issue arises from inadequate restrictions on pod communication within the IBM Lakehouse environment. This vulnerability is classified under CWE-923, indicating improper control over communication channels.

The primary CVSS score from the NVD is 7.5, categorized as high severity, while a secondary score of 5.3 from IBM indicates medium severity. The attack vector is classified as network-based, with low complexity and no privileges required for exploitation. The integrity impact is high, meaning successful exploitation could lead to significant changes in data integrity.

The vulnerability was published on April 30, 2026, and has been analyzed thoroughly. Organizations using affected versions of IBM watsonx.data should take immediate action to remediate this issue.

Technical Analysis

The root cause of CVE-2025-36180 is the failure to appropriately restrict communication between pods in IBM watsonx.data. This flaw allows for unrestricted data transfer, potentially enabling attackers to exploit this lapse in security. The attack vector is adjacent network, requiring attackers to be on the same network segment as the target pods.

Attack complexity is high, indicating that successful exploitation may require specific conditions or advanced capabilities. Importantly, no user interaction is required, and no privileges are needed to exploit this vulnerability. The impacts on confidentiality are minimal, but the integrity impact is rated as high, suggesting that an attacker could manipulate data without authorization.

In summary, organizations must understand the implications of this vulnerability, as the potential for data manipulation could have serious ramifications for data integrity and security.

Risk & Impact Analysis

The risk associated with CVE-2025-36180 is significant, particularly for organizations utilizing IBM watsonx.data in environments where sensitive data is processed or stored. The lack of proper restrictions between pods could allow malicious actors to exploit this vulnerability, leading to unauthorized data access or manipulation.

The potential blast radius of this vulnerability is broad, affecting all instances of the product across the specified version range. Organizations must assess their deployment configurations and the sensitivity of the data handled within these pods to determine the urgency of remediation.

Given the medium CVSS score, organizations should address this vulnerability in their priority patch cycle. Ensuring proper remediation will not only safeguard data integrity but also maintain compliance with data protection regulations.

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The vulnerability affects all versions of IBM watsonx.data from 2.2.0 to 2.3. Organizations using these versions should ensure that they apply the necessary updates to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

To address CVE-2025-36180, organizations should prioritize patching their systems to the latest supported version of IBM watsonx.data. It is crucial to apply updates that include fixes for this vulnerability as soon as they become available.

If immediate patching is not possible, organizations should consider implementing network segmentation to limit communication between pods. This can help reduce the risk of unauthorized data transfers while a permanent fix is being developed.

For further guidance on securing your environment, organizations may benefit from engaging in penetration testing to identify potential weaknesses.

Detection Guidance

Organizations should monitor logs for unusual activity that may indicate unauthorized data transfers between pods. Specific indicators may include unexpected network traffic patterns or unauthorized access attempts. Implementing behavioral anomaly detection can also aid in identifying potential exploitation attempts.
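As an added example, not part of this advisory and not IBM's code, the following Python script ties together the two controls recommended above: the network segmentation from the Mitigation & Remediation section and the traffic monitoring from the Detection Guidance section. It takes one explicit allowlist of pod-to-pod flows, renders it as Kubernetes NetworkPolicy objects (a namespace-wide default-deny for ingress plus one allow policy per destination workload), and then checks constructed flow-log lines against the same allowlist, flagging any pod-to-pod transfer that the segmentation does not permit. The namespace, pod names, `app` labels, ports and the flow-log line format are all assumptions made for illustration; they are not watsonx.data's real component names or log format.

```python
"""Constructed example: one pod-to-pod allowlist drives both the Kubernetes
NetworkPolicy that enforces segmentation and the detector that flags flows
outside it. Names, labels, ports and log format are hypothetical."""
import json
import re
from dataclasses import dataclass

# Hypothetical namespace; not IBM's real object name.
NAMESPACE = "lakehouse"

# Constructed inventory mapping pod -> app label. A real tool would read
# pod labels from the API server instead of a static dict.
POD_APP = {
    "lakehouse/presto-worker-0": "presto-worker",
    "lakehouse/presto-coordinator-0": "presto-coordinator",
    "lakehouse/hive-metastore-0": "hive-metastore",
    "lakehouse/minio-0": "object-store",
    "lakehouse/debug-shell": "debug-shell",
}

# Intended segmentation: (source app, destination app, TCP port).
# Anything not listed here is an unauthorized pod-to-pod transfer.
ALLOWED = {
    ("presto-coordinator", "presto-worker", 8080),
    ("presto-worker", "presto-coordinator", 8080),
    ("presto-worker", "hive-metastore", 9083),
    ("presto-coordinator", "hive-metastore", 9083),
    ("presto-worker", "object-store", 9000),
}

# Constructed flow-log lines in a hypothetical "key=value" format.
FLOW_LOG = """\
2026-05-01T10:00:01Z src=lakehouse/presto-worker-0 dst=lakehouse/hive-metastore-0 port=9083 proto=tcp
2026-05-01T10:00:02Z src=lakehouse/presto-coordinator-0 dst=lakehouse/presto-worker-0 port=8080 proto=tcp
2026-05-01T10:00:03Z src=lakehouse/debug-shell dst=lakehouse/minio-0 port=9000 proto=tcp
2026-05-01T10:00:04Z src=lakehouse/presto-worker-0 dst=lakehouse/presto-coordinator-0 port=22 proto=tcp
this line is malformed and is skipped
"""

FLOW_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)")


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    port: int


def parse_flow(line):
    """Parse one constructed flow-log line; return None for lines that do not match."""
    m = FLOW_RE.match(line)
    if not m:
        return None
    return Flow(m["ts"], m["src"], m["dst"], int(m["port"]))


def find_violations(lines, allowed=ALLOWED, pod_app=POD_APP):
    """Return every parsed flow whose (src app, dst app, port) is not allowlisted.
    Unknown pods map to the app 'unknown' and therefore never match."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        key = (pod_app.get(flow.src, "unknown"), pod_app.get(flow.dst, "unknown"), flow.port)
        if key not in allowed:
            violations.append(flow)
    return violations


def build_network_policies(namespace, allowed):
    """Render the allowlist as a kubectl-applicable List of NetworkPolicy objects:
    a default-deny for ingress on every pod, then one allow policy per destination app."""
    items = [{
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny-ingress", "namespace": namespace},
        # Empty podSelector selects every pod; with no ingress rules listed,
        # all inbound traffic is dropped unless another policy allows it.
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
    }]
    for dst in sorted({d for _, d, _ in allowed}):
        rules = [
            {"from": [{"podSelector": {"matchLabels": {"app": src}}}],
             "ports": [{"protocol": "TCP", "port": port}]}
            for src, d, port in sorted(allowed) if d == dst
        ]
        items.append({
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"allow-ingress-{dst}", "namespace": namespace},
            "spec": {"podSelector": {"matchLabels": {"app": dst}},
                     "policyTypes": ["Ingress"],
                     "ingress": rules},
        })
    return {"apiVersion": "v1", "kind": "List", "items": items}


if __name__ == "__main__":
    # Emit the policies as JSON (kubectl apply -f accepts JSON manifests),
    # then report flows the same allowlist would not have permitted.
    print(json.dumps(build_network_policies(NAMESPACE, ALLOWED), indent=2))
    for flow in find_violations(FLOW_LOG.splitlines()):
        print(f"VIOLATION {flow.ts} {flow.src} -> {flow.dst}:{flow.port}")
```

On the constructed log above the detector flags two flows: the `debug-shell` pod reaching the object store, and a worker-to-coordinator connection on port 22. The policies only restrict ingress; a default-deny on egress is the stronger form of the segmentation the mitigation section describes, but it also needs explicit egress rules for DNS and for each allowed destination, so roll it out after the ingress rules are proven. In a real cluster the flow records would come from the CNI's flow exporter or audit logs rather than a string, and the pod-to-label inventory from the API server.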

AppSecure Threat Intelligence Insight

The existence of CVE-2025-36180 highlights the ongoing challenges organizations face in managing pod communication securely. As threats evolve, it is critical for security teams to stay informed about vulnerabilities that may affect their environments.

Organizations can leverage resources such as the vulnerability management program to proactively identify and remediate vulnerabilities.

Additionally, understanding trends in vulnerability exposure can guide organizations in prioritizing their security efforts. Insights from industry reports and studies can provide valuable context for risk assessment and management.

For further reading on proactive security measures, organizations may refer to our resources on penetration testing methodology and other effective security practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
