CVE-2025-36221
Analyzed Analyzed - Analysis Complete
Default Passwords in IBM Cloud Pak for Data System

Publication date: 2026-05-26

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-36221
EUVD
EUVD-2025-209932
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ibm cloud_pak_for_data_system_-_cyclops to 11.3.0.2 (exc)
ibm cloud_pak_for_data_system_-_cyclops 11.3.0.2
ibm cloud_pak_for_data_system_-_cyclops 11.3.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in IBM Cloud Pak for Data System versions 11.3.0.2 through Interim Fix 002. It involves the use of default passwords that come from the manufacturing process and are used during the installation process. Because these default passwords are known or predictable, an attacker could exploit this to bypass authentication mechanisms.

Compliance Impact

This vulnerability involves the use of default passwords during the installation process, which could allow an attacker to bypass authentication.

By allowing unauthorized access, this vulnerability could potentially lead to unauthorized access to sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of personal and health information.

However, the provided context does not explicitly state the direct impact on compliance with these regulations.

Mitigation Strategies

The vulnerability involves the use of default passwords from the manufacturing process during installation, which could allow an attacker to bypass authentication.

Immediate mitigation steps include changing any default passwords used during installation to strong, unique passwords to prevent unauthorized access.

Additionally, applying any available patches or updates from IBM for the affected versions of IBM Cloud Pak for Data System is recommended once they become available.

Impact Analysis

The vulnerability could allow an attacker to bypass authentication on the affected IBM Cloud Pak for Data System. This means unauthorized users might gain access to the system without proper credentials, potentially leading to unauthorized actions or access to sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart