CVE-2025-36133 MEDIUM

CVE-2025-36133: IBM App Connect Enterprise information disclosure

Vendor Ibm
Product App Connect Enterprise Certified Container
Weakness CWE-532 · Sensitive info in logs
Published September 1, 2025
Last update September 2, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

Key dates

02Disclosure timeline

September 1, 2025 CVE published
September 2, 2025 Record updated