CVE-2025-36180
IBM watsonx.data Pod-to-Pod Data Transfer Vulnerability
Publication date: 2026-04-30
Last updated on: 2026-04-30
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | watsonx.data | From 2.2 (inc) to 2.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-923 | The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in IBM watsonx.data versions 2.2 through 2.3 IBM Lakehouse. It occurs because the system does not properly restrict communication between pods, which are isolated units within the environment. As a result, an attacker could exploit this flaw to transfer data between pods without any restrictions.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to move data between pods without restrictions, potentially leading to unauthorized data access or data leakage. Although it does not affect confidentiality directly according to the CVSS score, it impacts integrity by allowing unauthorized modification or transfer of data between pods.