CVE-2025-36422
Received Received - Intake
Cross-Site Request Forgery in IBM InfoSphere DataStage Flow Designer

Publication date: 2026-03-25

Last updated on: 2026-03-26

Assigner: IBM Corporation

Description
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-36422
EUVD
EUVD-2025-209025
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm infosphere_information_server From 11.7.0.0 (inc) to 11.7.1.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should apply the fixes provided in APAR DT454212.

Upgrade affected IBM InfoSphere Information Server versions to 11.7.1.0, 11.7.1.6, or apply the 11.7.1.6 Service Pack 2.

Currently, no workarounds or mitigations are available other than applying the official fixes and upgrades.

Executive Summary

CVE-2025-36422 is a cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server, specifically in the DataStage Flow Designer component versions 11.7.0.0 through 11.7.1.6.

This vulnerability allows an attacker to trick a user into executing unauthorized and malicious actions on the website that the user is authenticated to, by exploiting the trust the website has in the user's browser.

The attack requires user interaction but no special privileges, and it can be performed remotely over the network.

Impact Analysis

This vulnerability can impact you by allowing attackers to perform unauthorized actions on your IBM InfoSphere DataStage Flow Designer environment without your consent.

Although it does not affect confidentiality or availability, it has a low impact on integrity, meaning attackers could potentially alter data or configurations in a limited way.

Since the attack requires user interaction, the risk depends on users being tricked into executing malicious requests.

There are currently no workarounds or mitigations available, so applying the provided fixes or upgrading to patched versions is necessary to protect against this vulnerability.

Compliance Impact

The provided information does not specify how the CVE-2025-36422 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36422. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart