CVE-2025-36335 is a vulnerability in IBM watsonx.data intelligence versions 5.2.0 through 5.3.1 where user credentials are stored in plaintext on the local system. This allows any local user to access sensitive password information without authentication or user interaction. The vulnerability is classified under CWE-256, which concerns plaintext storage of passwords. The CVSS 3.1 base score is 6.2, with an attack vector limited to local access, low attack complexity, no privileges required, no user interaction, and a high confidentiality impact. No official fix or patch has been published by IBM, and the product is not a cloud service, so remediation is the responsibility of the user or administrator.

The vulnerability exposes user credentials stored in plaintext to any local user on the affected system, potentially compromising confidentiality. Since the attack vector is local, remote exploitation is not possible. There is no impact on integrity or availability reported. The medium severity score reflects the risk of credential disclosure in environments where local user access is possible.

Patch status is not yet confirmed — check the IBM vendor advisory for current remediation guidance. Since no official fix or patch is currently available, users should restrict local access to systems running affected versions of IBM watsonx.data intelligence to trusted personnel only. Monitor IBM advisories for updates regarding patches or official mitigations.