CVE Catalog

CVE-2025-36324

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to server-side request forgery (SSRF). An authenticated attacker can send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Risk Assessment

The risk involves an authenticated attacker being able to send unauthorized requests, which could allow internal network exploration and serve as a stepping stone for more severe attacks.

Recommendation

It is recommended to immediately update IBM watsonx.data intelligence to the latest available version that includes a fix for the SSRF vulnerability. Additionally, restrict user privileges and monitor network traffic for suspicious requests.

Original NVD description (English source)

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS