Stored Cross-Site Scripting Vulnerability in IBM Lakehouse by IBM
CVE-2025-36139

5.5MEDIUM

Key Information:

Vendor

IBM
Status
Watsonx.data
Vendor
CVE Published:
18 September 2025

What is CVE-2025-36139?

IBM Lakehouse (watsonx.data 2.2) is exposed to a stored cross-site scripting vulnerability that permits a privileged user to inject malicious JavaScript into the Web UI. This could manipulate application functionality and may compromise credentials within an authorized session, presenting serious security risks for users and sensitive data.

Affected Version(s)

watsonx.data 2.2

References

https://www.ibm.com/support/pages/node/7245387
vendor-advisorypatch

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.