CVE-2025-36324: CWE-918 Server-Side Request Forgery (SSRF) in IBM watsonx.data intelligence
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
AI Analysis
Technical Summary
CVE-2025-36324 is a server-side request forgery (SSRF) vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated attacker could exploit this vulnerability to send unauthorized requests from the system, potentially enabling network enumeration or other attack vectors. The vulnerability is classified under CWE-918 and has a CVSS 3.1 base score of 4.3 (medium severity). There is no vendor advisory or patch currently available, and the product is not a cloud service, so remediation depends on IBM's future updates.
Potential Impact
An authenticated attacker can leverage this SSRF vulnerability to make unauthorized requests from the affected system. This may allow the attacker to enumerate internal networks or facilitate further attacks. The confidentiality impact is low, with no integrity or availability impacts reported. No known exploits are currently in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is currently available, monitor IBM's advisories for updates. Limit access to the affected versions to trusted users to reduce risk until a patch is released.
CVSS v3.1
Score 4.3 (medium)
Affected software
cpe:2.3:a:ibm:watsonxdata_intelligence:5.2.0:*:*:*:*:*:*:*
Weaknesses
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:51.462Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a442fec27e9c79719647400
Added to database: 06/30/2026, 21:06:52 UTC
Last enriched: 06/30/2026, 21:22:15 UTC
Last updated: 06/30/2026, 23:40:15 UTC