CVE-2025-36023 MEDIUM

CVE-2025-36023: IBM Cloud Pak for Business Automation security bypass

Vendor Ibm
Product Cloud Pak for Business Automation
Weakness CWE-639 · IDOR
Published August 8, 2025
Last update August 8, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

Key dates

02Disclosure timeline

August 8, 2025 CVE published
August 8, 2025 Record updated