CVE-2025-36094
Unknown Unknown - Not Provided
Input Validation Flaw in IBM Cloud Pak Causes DoS, Data Corruption

Publication date: 2026-02-03

Last updated on: 2026-02-25

Assigner: IBM Corporation

Description
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-25
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-36094
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
ibm cloud_pak_for_business_automation 24.0.0
ibm cloud_pak_for_business_automation 24.0.0
ibm cloud_pak_for_business_automation 24.0.0
ibm cloud_pak_for_business_automation 24.0.1
ibm cloud_pak_for_business_automation 24.0.1
ibm cloud_pak_for_business_automation 24.0.1
ibm cloud_pak_for_business_automation 24.0.1
ibm cloud_pak_for_business_automation 25.0.0
ibm cloud_pak_for_business_automation 25.0.0
ibm cloud_pak_for_business_automation 24.0.1
ibm cloud_pak_for_business_automation 25.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects IBM Cloud Pak for Business Automation versions 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007. It allows an authenticated user to cause a denial of service or corrupt existing data due to improper validation of input length.


How can this vulnerability impact me? :

The vulnerability can impact you by enabling an authenticated user to cause a denial of service, which can disrupt the availability of the affected system. Additionally, it can lead to corruption of existing data, potentially affecting data integrity.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart