CVE-2025-36373

CWE-497 | CWE-130 | 4 documents | 4 sources
Severity
6.8 MEDIUM
EPSS
0.0%
top 90.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 1

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0, IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20, and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 could disclose sensitive system information from other domains to an administrative user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Exploitability: 2.3 | Impact: 1.4

Affected Packages (4 packages)

NVD | ibm/datapower_gateway | 10.5.0.0 | 10.5.0.21 | +2
CVEListV5 | ibm/datapower_gateway_10.5.0 | 10.5.0.0 | 10.5.0.20
CVEListV5 | ibm/datapower_gateway_10.6.0 | 10.6.0.0 | 10.6.0.8
CVEListV5 | ibm/datapower_gateway_10.6cd | 10.6.1.0 | 10.6.5.0

🔴 Vulnerability Details (2)

CVEList | Incorrect administrative access control in IBM DataPower Gateway | 2026-04-01
GHSA | GHSA-6hwx-hvw3-r56g: IBM DataPower Gateway 10 | 2026-04-01

📋 Vendor Advisories (1)

Microsoft | Apache Ant TAR archive denial of service vulnerability | 2021-07-13