CVE-2025-36375HIGH 8.8EPSS p6.2%

CVE-2025-36375CVE-2025-36375

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.17% probability of exploitation · percentile 6.2% · 2026-06-19T12:03:05Z
Published2026-04-01
Last modified2026-04-06

Underlying weaknesses· 1

CWE-352

References

  1. https://www.ibm.com/support/pages/node/7268034

1

TypeTargetConfidenceTier
WeaknessCross-Site Request Forgery (CSRF)cwe-3520%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-3633
CVE
CVE-2025-36119
CVE
CVE-2025-36094
CVE
CVE-2025-14290
CVE
CVE-2025-2697
CVE
CVE-2025-36148
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.