CVE-2025-36373

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7267833	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway::::::::
	cpe:2.3:a:ibm:datapower_gateway:::::continuous_delivery:::*

History

06 Apr 2026, 16:50

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://www.ibm.com/support/pages/node/7267833 -~~	() https://www.ibm.com/support/pages/node/7267833 - Vendor Advisory
First Time		Ibm datapower Gateway Ibm
CPE		cpe:2.3:a:ibm:datapower_gateway:::::::: cpe:2.3:a:ibm:datapower_gateway:::::continuous_delivery:::*

01 Apr 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-01 21:16

Updated : 2026-04-06 16:50

NVD link : CVE-2025-36373

Mitre link : CVE-2025-36373

CVE.ORG link : CVE-2025-36373

JSON object : View

Products Affected

ibm

datapower_gateway

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

NVD-CWE-noinfo

{"id": "CVE-2025-36373", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2026-04-01T21:16:57.897", "references": [{"url": "https://www.ibm.com/support/pages/node/7267833", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-497"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user."}], "lastModified": "2026-04-06T16:50:00.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE32BDC7-B268-4779-A283-F94DCF1433D3", "versionEndExcluding": "10.5.0.21", "versionStartIncluding": "10.5.0.0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9036053D-6E1A-4B2F-ACCA-5E3F4443F73E", "versionEndExcluding": "10.6.0.9", "versionStartIncluding": "10.6.0.0"}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*", "vulnerable": true, "matchCriteriaId": "E75118C5-5C01-404E-B857-56B9D6CA2119", "versionEndExcluding": "10.6.6.0", "versionStartIncluding": "10.6.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}