CVE-2025-36174
BaseFortify
Publication date: 2025-08-24
Last updated on: 2025-09-23
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | integrated_analytics_system | From 1.0.0.0 (inc) to 1.0.31.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to severe impacts including unauthorized execution of malicious files by other users, which can compromise confidentiality, integrity, and availability of the system. It has a high CVSS score of 8.0, indicating that an attacker with low privileges and requiring user interaction can exploit it remotely over the network, potentially causing significant damage to data and system operations. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the IBM remediation by upgrading to the special build version 1.0.31.0-WebConsole-Special-Build-IM-IIAS-fp349, which includes enhanced file upload validation to prevent the upload and execution of dangerous file types. No other workarounds or mitigations are provided. [1]
Can you explain this vulnerability to me?
This vulnerability in IBM Integrated Analytics System versions 1.0.0.0 through 1.0.30.0 allows an authenticated user to upload files of dangerous types due to insufficient validation. These malicious files could then be executed by another user when opened, leading to potential compromise. The root cause is an unrestricted file upload vulnerability (CWE-434), where the system did not properly check file extensions and content to prevent harmful files from being uploaded. [1]