Sensitive Configuration Disclosure in IBM Business Automation Workflow Containers
CVE-2025-36058

5.5 MEDIUM

Key Information:

Vendor: IBM

CVE Published: 20 January 2026

What is CVE-2025-36058?

A vulnerability in IBM Business Automation Workflow containers could allow sensitive configuration information to be disclosed through a config map. The issue affects specific versions of the product, which may inadvertently expose crucial operational details that unauthorized users could leverage. Organizations using these containers should assess their deployments and ensure that sensitive configurations are properly secured to mitigate potential risks.

Affected Version(s)

Business Automation Workflow containers 25.0.0 <= 25.0.0 Interim Fix 002

Business Automation Workflow containers 24.0.1 <= 24.0.1 Interim Fix 005

Business Automation Workflow containers 24.0.0 <= 24.0.0 Interim Fix 006

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
