Unrated severityNVD Advisory· Published Sep 11, 2025· Updated Feb 26, 2026

IBM Fusion insecure default configuration

CVE-2025-36222

Description

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions.

Affected products

IBM/Fusionv5
cpe:2.3:a:ibm:storage_fusion:2.2.0:*:*:*:*:*:*:*
Range: 2.2.0
IBM/Fusion HCIv5
cpe:2.3:a:ibm:storage_fusion_hci:2.2.0:*:*:*:*:*:*:*
Range: 2.2.0
IBM/Fusion HCI for watsonxv5
cpe:2.3:a:ibm:storage_fusion_hci_for_watsonx:2.8.2:*:*:*:*:*:*:*
Range: 2.8.2
IBM/Fusion HCIllm-create
Range: 2.2.0 to 2.10.0
IBM/Fusion HCI for watsonxllm-create
Range: 2.8.2 to 2.10.0
WordPress/Fusionllm-fuzzy
Range: 2.2.0 to 2.10.1
Package: https://wordpress.org/plugins/fusion

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7244646mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000