Medium severity6.5NVD Advisory· Published Apr 1, 2026· Updated Apr 6, 2026
CVE-2025-36375
CVE-2025-36375
Description
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*range: >=10.5.0.0,<10.5.0.21
- cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*range: >=10.6.1.0,<10.6.6.0
- (no CPE)range: >=10.6.1.0 <=10.6.5.0 || >=10.5.0.0 <=10.5.0.20 || >=10.6.0.0 <=10.6.0.6.0.8
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7268034nvdVendor Advisory
News mentions
0No linked articles in our index yet.