CVE-2025-36093 — Client-Side Enforcement of Server-Side Security in IBM Cloud PAK FOR Business Automation

CWE-602 — Client-Side Enforcement of Server-Side Security3 documents3 sources

Severity

7.4HIGHNVD

CNA4.8

EPSS

0.0%

top 94.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Business Automation

Timeline

PublishedNov 3

Description

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5ibm/cloud_pak_for_business_automation24.0.0, 24.0.1, 25.0.0+2

▶NVDibm/cloud_pak24.0.0, 24.0.1, 25.0.0+2

🔴Vulnerability Details

GHSA

GHSA-jww4-hp22-h876: IBM Cloud Pak For Business Automation 25↗2025-11-03

▶

CVEList

security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.↗2025-11-03

▶