Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-36183
PUBLISHED
More InfoOfficial Page
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
View Known Exploited Vulnerability (KEV) details
Published At-17 Feb, 2026 | 21:32
Updated At-17 Feb, 2026 | 21:33
Rejected At-
▼CVE Numbering Authority (CNA)
Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.

Affected Products
Vendor
IBM CorporationIBM
Product
watsonx.data
CPEs
  • cpe:2.3:a:ibm:watsonxdata:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:watsonxdata:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:watsonxdata:2.2.1:*:*:*:*:*:*:*
Versions
Affected
  • From 2.2 through 2.2.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.13.8LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The product needs to be installed or upgraded to the latest available level watsonx.data 2.2.2 or watsonx.data on CPD 5.2.2.  Installation/upgrade instructions can be found here: https://www.ibm.com/docs/en/watsonx/watsonxdata/5.2.x?topic=deployment-installing .

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/7260118
vendor-advisory
patch
Hyperlink: https://www.ibm.com/support/pages/node/7260118
Resource:
vendor-advisory
patch
Details not found