Improper Communication Restriction in IBM Lakehouse Affecting WatsonX.Data
CVE-2025-36180

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Watsonx.data
Vendor: CVE Published:; 30 April 2026

What is CVE-2025-36180?

The IBM Lakehouse implementation in versions 2.2 and 2.3 of watsonx.data lacks proper restrictions on inter-pod communication. This vulnerability could potentially allow unauthorized data transfer between pods, posing a risk of data exposure and manipulation. Organizations using these versions need to address this security flaw to maintain the integrity of their data operations.

Affected Version(s)

watsonx.data 2.2.0 <= 2.3.0

References

https://www.ibm.com/support/pages/node/7270593

vendor-advisorypatch

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-36180 Data

JSON