CVE-2025-36221
Analyzed Analyzed - Analysis Complete

Default Passwords in IBM Cloud Pak for Data System

Vulnerability report for CVE-2025-36221, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-26

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-26
Last Modified
2026-06-02
Generated
2026-07-06
AI Q&A
2026-05-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
ibm cloud_pak_for_data_system_-_cyclops to 11.3.0.2 (exc)
ibm cloud_pak_for_data_system_-_cyclops 11.3.0.2
ibm cloud_pak_for_data_system_-_cyclops 11.3.0.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in IBM Cloud Pak for Data System versions 11.3.0.2 through Interim Fix 002. It involves the use of default passwords that come from the manufacturing process and are used during the installation process. Because these default passwords are known or predictable, an attacker could exploit this to bypass authentication mechanisms.

Impact Analysis

The vulnerability could allow an attacker to bypass authentication on the affected IBM Cloud Pak for Data System. This means unauthorized users might gain access to the system without proper credentials, potentially leading to unauthorized actions or access to sensitive data.

Compliance Impact

This vulnerability involves the use of default passwords during the installation process, which could allow an attacker to bypass authentication.

By allowing unauthorized access, this vulnerability could potentially lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of personal and health information.

However, the provided context does not explicitly state the direct impact on compliance with these regulations.

Mitigation Strategies

The vulnerability involves the use of default passwords from the manufacturing process during installation, which could allow an attacker to bypass authentication.

Immediate mitigation steps include changing any default passwords used during installation to strong, unique passwords to prevent unauthorized access.

Additionally, applying any available patches or updates from IBM for the affected versions of IBM Cloud Pak for Data System is recommended once they become available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart