CVE-2025-36180 MEDIUM

CVE-2025-36180: Inadequate Pod Communication Restrictions, affects watsonx.data

Vendor Ibm
Product watsonx.data
Weakness CWE-923
Published April 30, 2026
Last update May 1, 2026

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

Key dates

02Disclosure timeline

April 30, 2026 CVE published
May 1, 2026 Record updated