CVE Catalog

CVE-2025-36328

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows a remote attacker to obtain sensitive information through detailed error messages returned in the browser. This information could be used in further attacks against the system.

Risk Assessment

The risk involves leakage of confidential data that could be leveraged for more sophisticated attacks, such as privilege escalation or data theft.

Recommendation

It is recommended to immediately apply patches provided by IBM for affected versions and configure the server to avoid returning detailed error messages to users.

Original NVD description (English source)

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.  This information could be used in further attacks against the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS