CVE-2025-36172 is a stored cross-site scripting (XSS) vulnerability identified in IBM Cloud Pak for Business Automation versions 24.0.0 through 25.0.0, including several interim fixes. This vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an authenticated user to embed arbitrary JavaScript code within the web user interface. Because the malicious script is stored, it can execute whenever a victim user accesses the affected page, potentially altering the intended functionality of the application. The injected script can lead to the disclosure of sensitive information such as user credentials within a trusted session context. The vulnerability requires the attacker to have authenticated access but does not require any user interaction to trigger the exploit once the malicious code is stored. The CVSS v3.1 base score is 6.4, reflecting medium severity, with attack vector as network, low attack complexity, privileges required as low, no user interaction, and scope changed due to potential impact beyond the vulnerable component. The vulnerability does not affect availability but impacts confidentiality and integrity. No public exploits have been reported yet, but the presence of stored XSS in a business-critical automation platform poses a significant risk, especially in environments with multiple users and sensitive workflows. IBM has not yet published patches or interim fixes addressing this issue at the time of this report, so organizations must be vigilant in monitoring and applying updates once available.

For European organizations, the impact of CVE-2025-36172 can be significant, especially for enterprises relying on IBM Cloud Pak for Business Automation to manage critical business processes. The stored XSS vulnerability can lead to unauthorized disclosure of credentials and session hijacking, potentially allowing attackers to escalate privileges or gain unauthorized access to sensitive automation workflows and data. This can disrupt business operations, compromise data integrity, and expose confidential information. Given the integration of IBM Cloud Pak with other enterprise systems, a successful exploit could facilitate lateral movement within corporate networks. The risk is heightened in sectors such as finance, manufacturing, and government, where automation platforms are widely used and data sensitivity is high. Additionally, compliance with GDPR and other data protection regulations means that any data breach resulting from this vulnerability could lead to regulatory penalties and reputational damage. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers often develop exploits after vulnerabilities become public.

European organizations should implement a multi-layered mitigation strategy. First, they must monitor IBM security advisories closely and apply patches or interim fixes as soon as they become available. Until patches are released, organizations should restrict access to the IBM Cloud Pak for Business Automation web interface to trusted users and networks, employing network segmentation and VPNs to limit exposure. Implement strict input validation and output encoding on all user-supplied data within the application, if customization is possible, to prevent injection of malicious scripts. Employ web application firewalls (WAFs) with rules designed to detect and block XSS payloads targeting IBM Cloud Pak interfaces. Conduct regular security assessments and penetration testing focusing on the automation platform to identify and remediate injection points. Educate users about the risks of stored XSS and encourage vigilance for suspicious behavior in the application. Finally, enforce strong authentication and session management controls to reduce the impact of potential credential theft.