What is the CVSS score of CVE-2025-36105?

CVE-2025-36105 has a CVSS 3.1 base score of 4.4 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of IBM are affected by CVE-2025-36105?

CVE-2025-36105 presents moderate security risk rated CVSS 4.4. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-36105?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

IBM CVE-2025-36105

MEDIUM

Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526)

2026-03-10 psirt@us.ibm.com

Information Disclosure IBM

4.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 16:50 nvd

MEDIUM 4.4

DescriptionNVD

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.

AnalysisAI

IBM Planning Analytics Advanced Certified Containers 3.1.0 versions up to 3.1.4 contains a vulnerability that allows attackers to a local privileged user to obtain sensitive information from environment variabl (CVSS 4.4).

Technical ContextAI

affects IBM Planning Analytics Advanced Certified Containers 3.1.0. IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.