Sensitive Data Disclosure in IBM DataPower Gateway
CVE-2025-36373

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Datapower Gateway 10.6cd; Datapower Gateway 10.5.0; Datapower Gateway 10.6.0
Vendor: CVE Published:; 1 April 2026

What is CVE-2025-36373?

A vulnerability exists in IBM DataPower Gateway that allows an administrative user to inadvertently disclose sensitive system information from other domains. This issue affects several versions of the DataPower Gateway and poses a risk of exposing critical data, necessitating prompt attention to apply security patches and safeguard against potential exploitation.

Affected Version(s)

DataPower Gateway 10.5.0 10.5.0.0 <= 10.5.0.20

DataPower Gateway 10.6.0 10.6.0.0 <= 10.6.0.8

DataPower Gateway 10.6CD 10.6.1.0 <= 10.6.5.0

References

https://www.ibm.com/support/pages/node/7267833

vendor-advisorypatch

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Apr 15, 2025

Credit

Acknowledgement This vulnerability was reported to IBM by Michał Bartoszuk & Maciej Włodarczyk @ STM Cyber.

CVE-2025-36373 Data

JSON