Input Validation Bypass in IBM Controller and Cognos Controller
CVE-2025-36102

2.7LOW

Key Information:

Vendor: IBM
Status: Controller; Cognos Controller
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-36102?

A significant vulnerability exists in IBM Controller versions 11.1.0 to 11.1.1 and IBM Cognos Controller versions 11.0.0 to 11.0.1 FP6, allowing a privileged user to bypass server-side validation. This vulnerability arises from the reliance on client-side enforcement of security measures, which can result in untrusted data being processed by the application, potentially leading to unauthorized access or actions.

Affected Version(s)

Cognos Controller 11.0.0 <= 11.0.1 FP6

Controller 11.1.0 <= 11.1.1

References

https://www.ibm.com/support/pages/node/7253273

vendor-advisorypatch

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 15, 2025

JSON