CVE-2025-36180 PUBLISHED

Inadequate Pod Communication Restrictions, affects watsonx.data

Assigner: ibm
Reserved: 15.04.2025 Published: 30.04.2026 Updated: 30.04.2026

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 5.3

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	watsonx.data
Versions	affected from 2.2.0 to 2.3.0 (incl.)

Solutions

The product needs to be installed or upgraded to the latest available level watsonx.data 2.3.1 or watsonx.data on CPD 5.3.1. Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/software-hub/5.3.x?topic=watsonxdata-installing

References

https://www.ibm.com/support/pages/node/7270593

Problem Types

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints CWE