SQL Injection Vulnerability in IBM Cloud Pak for Data System
CVE-2025-36220

4.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 26 May 2026

What is CVE-2025-36220?

IBM Cloud Pak for Data System versions Cyclops 11.3.0.2 through Interim Fix 002 are susceptible to a SQL injection vulnerability. This allows a remote attacker to exploit the system by transmitting specially crafted SQL queries. If successful, the attacker could gain unauthorized access to the back-end database, potentially allowing them to view, modify, add, or delete sensitive information. Organizations using this software should take immediate steps to apply the necessary patches and mitigate this risk.

Affected Version(s)

Cloud Pak for Data System - Cyclops 11.3.0.2

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
