CVE-2025-36373: Medium Vulnerability in IBM DataPower Gateway

A medium-severity vulnerability exists in IBM DataPower Gateway that could allow administrative users to access sensitive system information from other domains. Organizations should address this issue promptly to mitigate associated risks.

MEDIUM · CVSS 4.1 · Published April 1, 2026

The vulnerability identified as CVE-2025-36373 affects IBM DataPower Gateway in three release streams: 10.6CD (10.6.1.0 through 10.6.5.0), 10.5.0 (10.5.0.0 through 10.5.0.20), and 10.6.0 (10.6.0.0 through 10.6.0.8). This vulnerability allows for the potential disclosure of sensitive system information from other domains to an administrative user.

This vulnerability has a CVSS score of 4.1, categorizing it as medium severity. The nature of the vulnerability indicates that the attack vector is network-based, with low complexity, but requires high privileges for exploitation. The potential impact includes low confidentiality and no integrity or availability concerns.

Risk to organizations includes unauthorized access to sensitive information, which can lead to further exploitation or data breaches. Given the nature of the vulnerability, organizations should prioritize patching immediately.

As of now, there are no known public exploits or proofs of concept available. However, the potential for exploitation remains a concern, emphasizing the need for timely remediation.

Vulnerability Details

The official description of this vulnerability indicates that it allows an administrative user to disclose sensitive system information from other domains. This is classified under CWE-497, which relates to improper handling of sensitive information.

The CVSS score, derived from the metrics provided, reflects a moderate level of risk. The CVSS vector string indicates that the vulnerability is accessible over the network (AV:N), has low attack complexity (AC:L), and requires high privileges (PR:H) to exploit.

Technical Analysis

The root cause of this vulnerability stems from improper access controls that enable administrative users to access sensitive information from different domains. The attack vector for this vulnerability is network-based, meaning that an attacker could potentially exploit it over the network.

The attack complexity is low, indicating that an attacker does not require sophisticated methods to exploit the vulnerability. However, the requirement for high privileges limits the number of potential attackers to those with administrative access.

No user interaction is required for exploitation, which adds to the risk profile. The impact on confidentiality is low, as it pertains to the potential disclosure of information rather than data loss or system downtime.

Risk & Impact Analysis

Organizations utilizing IBM DataPower Gateway should be aware of the potential risks associated with this vulnerability. The fact that it allows for sensitive information exposure increases the potential for unauthorized access and data breaches.

The blast radius could be significant, particularly for organizations that manage sensitive data across domains. Immediate action is recommended to mitigate these risks, especially given the vulnerability's classification as medium severity.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

The affected versions of IBM DataPower Gateway include: 10.5.0 (10.5.0.0 through 10.5.0.20), 10.6.0 (10.6.0.0 through 10.6.0.8), and 10.6CD (10.6.1.0 through 10.6.5.0). Organizations should consider all versions prior to the vendor patch as vulnerable.
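The following is an added example, not part of the original advisory or of any IBM tooling. It checks an appliance inventory against the three affected ranges listed above; the host names and version strings in the sample are constructed, and tolerating a product prefix before the four-part number is an assumption.

```python
import re

# Affected ranges exactly as listed in this advisory (inclusive on both ends).
AFFECTED = {
    "10.5.0": ((10, 5, 0, 0), (10, 5, 0, 20)),
    "10.6.0": ((10, 6, 0, 0), (10, 6, 0, 8)),
    "10.6CD": ((10, 6, 1, 0), (10, 6, 5, 0)),
}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first four-part version from a string, or None if absent."""
    m = _VERSION.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def affected_stream(text):
    """Return the affected release stream, None if outside every range, or
    'unparsed' when no four-part version is found (needs manual review)."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    for stream, (low, high) in AFFECTED.items():
        if low <= v <= high:  # tuple comparison is field-by-field numeric
            return stream
    return None


def triage(inventory):
    """Map appliance name -> affected stream, dropping unaffected appliances."""
    streams = {name: affected_stream(ver) for name, ver in inventory.items()}
    return {name: s for name, s in streams.items() if s is not None}


# Constructed inventory: host names and version strings are made up.
SAMPLE = {
    "dp-edge-01": "10.5.0.20",     # last affected 10.5.0 level
    "dp-edge-02": "10.5.0.21",     # just past the listed range
    "dp-core-01": "IDG.10.6.0.8",  # prefixed string, still parsed
    "dp-core-02": "10.6.3.0",      # inside the 10.6CD range
    "dp-lab-01": "10.6.6.0",       # past the 10.6CD range
    "dp-lab-02": "unknown",        # unparsed, flagged for review
}

if __name__ == "__main__":
    for host, stream in triage(SAMPLE).items():
        print(host, stream)
```

Comparing versions as integer tuples avoids the string-comparison mistake where "10.5.0.9" sorts after "10.5.0.20".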

Mitigation & Remediation

Organizations should apply the latest patches to their IBM DataPower Gateway installations to remediate this vulnerability. For those unable to immediately patch, implementing strict access controls and monitoring logs for suspicious activity can help mitigate potential risks.

Additionally, organizations should consider engaging in penetration testing to identify further vulnerabilities in their systems.

Detection Guidance

Organizations should monitor logs for any unauthorized access attempts and review user roles to ensure that only necessary privileges are granted to administrative users.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-36373 lies in its potential to expose sensitive data, which highlights the ongoing need for robust security practices in managing administrative access.

Security teams should take this as a reminder of the importance of reviewing and updating their security policies regularly.

For further insights, organizations can explore our resources on vulnerability management and penetration testing methodology to enhance their security posture.

Lastly, the evolving landscape of cybersecurity threats reinforces the need for continuous improvement in security measures.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
