CVE-2025-36105
Received Received - Intake
Information Disclosure via Environment Variables in IBM Planning Analytics Containers

Publication date: 2026-03-10

Last updated on: 2026-05-06

Assigner: IBM Corporation

Description
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-03-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-36105
EUVD
EUVD-2025-208459
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm planning_analytics_advanced_certified_containers From 3.1.0 (inc) to 3.1.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-526 The product uses an environment variable to store unencrypted sensitive information.
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-36105 is a vulnerability in IBM Planning Analytics Advanced Certified Containers versions 3.1.0 through 3.1.4. It allows a local privileged user to obtain sensitive information stored in environment variables. This is a sensitive information disclosure flaw classified under CWE-526, which involves the cleartext storage of sensitive information in environment variables.

Impact Analysis

This vulnerability can impact you by allowing a local user with high privileges to access sensitive information that is stored in environment variables. Although it requires local access and high privileges, the confidentiality of sensitive data is compromised, which could lead to unauthorized disclosure of critical information.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a local privileged user accessing sensitive information stored in environment variables within IBM Planning Analytics Advanced Certified Containers versions 3.1.0 through 3.1.4.

Detection would require verifying the version of IBM Planning Analytics Advanced Certified Containers installed on the system to see if it falls within the vulnerable range (3.1.0 through 3.1.4).

Since the vulnerability is local and related to environment variables, there are no specific network detection commands provided.

  • Check the installed version of IBM Planning Analytics Advanced Certified Containers, for example by running a command or checking the software version via its management interface.
  • Review environment variables accessible to privileged users to identify if sensitive information is exposed.
Mitigation Strategies

IBM has addressed this vulnerability by releasing version 3.1.5 of IBM Planning Analytics Advanced Certified Containers.

There are no workarounds or mitigations provided other than upgrading.

  • Upgrade IBM Planning Analytics Advanced Certified Containers to version 3.1.5 or later as soon as possible.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart