CVE-2025-36091 MEDIUM

CVE-2025-36091: IBM Business Automation Insights unverified ownership

Vendor Ibm
Product Cloud Pak For Business Automation
Weakness CWE-283
Published November 3, 2025
Last update November 3, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.

Key dates

02Disclosure timeline

November 3, 2025 CVE published
November 3, 2025 Record updated