Cross-Site Request Forgery in IBM DataPower Gateway Products
CVE-2025-36375
6.5 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 1 April 2026
What is CVE-2025-36375?
The IBM DataPower Gateway is susceptible to cross-site request forgery (CSRF), which may enable attackers to carry out unauthorized operations on behalf of a trusted user. This vulnerability affects various versions of the DataPower Gateway, potentially compromising sensitive actions. Effective user authentication and the implementation of proper security measures are critical to mitigate this risk.
Affected Version(s)
- DataPower Gateway 10.5.0: 10.5.0.0 through 10.5.0.20 (inclusive)
- DataPower Gateway 10.6.0: 10.6.0.0 through 10.6.0.8 (inclusive)
- DataPower Gateway 10.6CD: 10.6.1.0 through 10.6.5.0 (inclusive)
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: High
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Acknowledgement: This vulnerability was reported to IBM by Maciej Włodarczyk & Michał Bartoszuk @ STM Cyber.