Cross-Site Request Forgery in IBM DataPower Gateway Products
CVE-2025-36375

CVSS 6.5 (MEDIUM)

What is CVE-2025-36375?

IBM DataPower Gateway is vulnerable to cross-site request forgery (CSRF): a remote attacker can cause an authenticated user's browser to submit a request the user did not intend, and the gateway executes it with that user's privileges. Exploitation requires the victim to interact with attacker-controlled content (User Interaction: Required), and the impact is to integrity rather than confidentiality or availability, which is what the 6.5 MEDIUM score reflects. Affected releases are listed below; applying the IBM-provided fix for the affected release stream is the primary remediation.

Affected Version(s)

Product                    Release stream   Affected from   Affected through
DataPower Gateway          10.5.0           10.5.0.0        10.5.0.20
DataPower Gateway          10.6.0           10.6.0.0        10.6.0.8
DataPower Gateway          10.6CD           10.6.1.0        10.6.5.0

CVSS v3.1

Score:                6.5
Severity:             MEDIUM
Attack Vector:        Network
Attack Complexity:    Low
Privileges Required:  None
User Interaction:     Required
Scope:                Unchanged
Confidentiality:      None
Integrity:            High
Availability:         None

Vector string (assembled from the metrics above): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Timeline

  • Vulnerability reserved

  • Vulnerability published

Credit

Acknowledgement: This vulnerability was reported to IBM by Maciej Włodarczyk & Michał Bartoszuk @ STM Cyber.