CVE-2025-36321
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to HTML injection. A remote attacker can inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Risk Assessment
The risk involves potential theft of credentials, user sessions, or phishing attacks within a trusted domain context, potentially leading to data confidentiality and integrity breaches.
Recommendation
It is recommended to immediately upgrade IBM watsonx.data intelligence to the latest available version that includes a fix for the HTML injection vulnerability.
Original NVD description (English source)
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

