Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
AnalysisAI
IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 store user credentials in plain text within local filesystem locations, allowing any local user to read sensitive authentication material without authentication. This information disclosure vulnerability affects confidentiality but not integrity or availability, and requires local filesystem access to exploit.
Technical ContextAI
The vulnerability stems from CWE-256 (Plaintext Storage of Password), a common weakness in which authentication credentials are persisted without encryption or other protection mechanisms. In watsonx.data intelligence, user credentials are written to filesystem locations in plain text format that are readable by unprivileged local users. This is distinct from memory-based credential leaks-the credentials are stored persistently on disk, making them accessible to any local account with filesystem read permissions. The affected versions (5.2.0, 5.2.1, 5.3.0, 5.3.1) indicate a regression or incomplete remediation across multiple release branches.
RemediationAI
Apply the vendor-released patch from IBM support note 7270923 (https://www.ibm.com/support/pages/node/7270923) to upgrade affected instances. The advisory specifies patched versions; upgrade to the lowest available version above 5.3.1 or the patch specified in the bulletin. If immediate patching is not feasible, implement filesystem-level access controls to restrict read permissions on credential storage locations to only the watsonx.data intelligence service account, using OS-level file ACLs or SELinux policies. Additionally, audit and rotate all credentials stored in potentially exposed locations once systems are patched. Note: access control alone is a temporary measure and does not decrypt already-exposed credentials; patching is the primary remediation.
Same weakness CWE-256 – Plaintext Storage of a Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209604