CVE-2025-36145
Description
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM watsonx.data Lakehouse component versions 2.2 through 2.3.1 improperly restrict network connections, allowing an attacker to transfer or modify files without restrictions.
Vulnerability
IBM watsonx.data versions 2.2 through 2.3.1, specifically the IBM Lakehouse component, contain a vulnerability where inbound and outbound connections are not properly restricted. This allows an attacker to transfer or modify files without restrictions. The affected versions are 2.2 to 2.3.1 inclusive.
Exploitation
An attacker with network access to the affected watsonx.data instance can exploit this vulnerability by sending crafted network requests. The lack of proper connection restrictions enables the attacker to initiate file transfers or modifications without proper authorization.
Impact
Successful exploitation allows an attacker to transfer or modify files without restrictions. This can lead to unauthorized disclosure of sensitive data (confidentiality impact) and unauthorized alteration of files (integrity impact). The attacker may gain the ability to exfiltrate data or tamper with stored files.
Mitigation
IBM has released a security bulletin (see reference [1]) addressing this vulnerability. Users should upgrade to the latest version of IBM watsonx.data as recommended in the bulletin. No workarounds are mentioned in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: >=2.2, <=2.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.