Improper Access Control in IBM Cloud Pak For Business Automation
CVE-2025-36093

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Pak For Business Automation
Vendor: CVE Published:; 3 November 2025

What is CVE-2025-36093?

IBM Cloud Pak For Business Automation versions 25.0.0, 24.0.1, and 24.0.0 are susceptible to unauthorized access threats due to inadequate access controls. This vulnerability enables attackers to leverage man-in-the-middle techniques, potentially allowing them to intercept communications and manipulate or access sensitive content and actions within the affected products. Organizations utilizing these versions should apply necessary security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Cloud Pak For Business Automation 25.0.0

Cloud Pak For Business Automation 24.0.1

Cloud Pak For Business Automation 24.0.0

References

https://www.ibm.com/support/pages/node/7249999

vendor-advisorypatch

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2025
Vulnerability Reserved
Apr 15, 2025

JSON