CVE-2025-36335
Received Received - Intake

IBM watsonx.data plain text credential exposure

Vulnerability report for CVE-2025-36335, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: IBM Corporation

Description

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-07-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
ibm watsonx.data_intelligence 5.2.0
ibm watsonx.data_intelligence 5.2.1
ibm watsonx.data_intelligence 5.3.0
ibm watsonx.data_intelligence 5.3.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 where user credentials are stored in plain text.

Because the credentials are not encrypted or otherwise protected, a local user on the system can read these credentials directly.

Impact Analysis

The vulnerability allows a local user to access sensitive user credentials stored in plain text.

This can lead to unauthorized access to user accounts or systems, potentially compromising confidentiality.

The CVSS score of 6.2 indicates a medium severity impact, primarily affecting confidentiality without impacting integrity or availability.

Compliance Impact

The vulnerability involves storing user credentials in plain text, which can be read by a local user. This practice can lead to unauthorized access to sensitive information.

Storing credentials in plain text may violate security requirements in common standards and regulations such as GDPR and HIPAA, which mandate protecting personal and sensitive data against unauthorized access.

Therefore, this vulnerability could negatively impact compliance with these regulations by exposing user credentials to local attackers.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36335. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart