HTML Injection Vulnerability in IBM WatsonX.data Intelligence
CVE-2025-36321

5.7MEDIUM

Key Information:

Vendor: IBM
Status: Watsonx.data Intelligence
Vendor: CVE Published:; 30 June 2026

What is CVE-2025-36321?

IBM WatsonX.data Intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are susceptible to an HTML injection vulnerability. This allows remote attackers to inject malicious HTML code, which could be executed in the victim's web browser. This vulnerability poses a significant risk as it can be exploited to manipulate web content and potentially execute unauthorized actions within the context of the affected site. Users of these versions should apply available patches to mitigate risks.

Affected Version(s)

watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0

References

https://www.ibm.com/support/pages/node/7277801

vendor-advisorypatch

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-36321 Data

JSON