CVE Catalog

CVE-2025-36321

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to HTML injection. A remote attacker can inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Risk Assessment

The risk involves potential theft of credentials, user sessions, or phishing attacks within a trusted domain context, potentially leading to data confidentiality and integrity breaches.

Recommendation

It is recommended to immediately upgrade IBM watsonx.data intelligence to the latest available version that includes a fix for the HTML injection vulnerability.

Original NVD description (English source)

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS