Sensitive Information Disclosure in IBM DevOps Deploy Products
CVE-2025-36162

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Urbancode Deploy
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-36162?

An information disclosure vulnerability exists in IBM DevOps Deploy and IBM UrbanCode Deploy versions prior to 8.1.2.2, which could be exploited by an authenticated user to gain unauthorized access to sensitive configuration details of the system. This flaw emphasizes the necessity of ensuring secure access controls and the importance of maintaining updated versions to mitigate potential exposure of sensitive information.

Affected Version(s)

UrbanCode Deploy 8.1 <= 8.1.2.1

References

https://www.ibm.com/support/pages/node/7243830

vendor-advisorypatch

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Apr 15, 2025