CVE-2025-36357HIGH 8.0EPSS p47.8%

CVE-2025-36357CVE-2025-36357

Description

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS0.69% probability of exploitation · percentile 47.8% · 2026-06-18T12:00:27Z
Published2025-11-17
Last modified2025-11-19

Underlying weaknesses· 1

CWE-36

References

  1. https://www.ibm.com/support/pages/node/7251265

1

TypeTargetConfidenceTier
WeaknessAbsolute Path Traversalcwe-360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-3356
CVE
CVE-2025-33005
CVE
IBM Data Risk Manager Directory Traversal Vulnerability
CVE
CVE-2026-3366
CVE
CVE-2025-36386
CVE
CVE-2025-36174
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.