Skip to main content

IBM watsonx.data intelligence EUVDEUVD-2025-209604

| CVE-2025-36335 MEDIUM
Plaintext Storage of a Password (CWE-256)
2026-04-30 ibm
6.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Apr 30, 2026 - 22:01 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 21:45 euvd
EUVD-2025-209604
Analysis Generated
Apr 30, 2026 - 21:45 vuln.today
Patch released
Apr 30, 2026 - 21:45 nvd
Patch available
CVE Published
Apr 30, 2026 - 21:12 nvd
MEDIUM 6.2

DescriptionCVE.org

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.

AnalysisAI

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 store user credentials in plain text within local filesystem locations, allowing any local user to read sensitive authentication material without authentication. This information disclosure vulnerability affects confidentiality but not integrity or availability, and requires local filesystem access to exploit.

Technical ContextAI

The vulnerability stems from CWE-256 (Plaintext Storage of Password), a common weakness in which authentication credentials are persisted without encryption or other protection mechanisms. In watsonx.data intelligence, user credentials are written to filesystem locations in plain text format that are readable by unprivileged local users. This is distinct from memory-based credential leaks-the credentials are stored persistently on disk, making them accessible to any local account with filesystem read permissions. The affected versions (5.2.0, 5.2.1, 5.3.0, 5.3.1) indicate a regression or incomplete remediation across multiple release branches.

RemediationAI

Apply the vendor-released patch from IBM support note 7270923 (https://www.ibm.com/support/pages/node/7270923) to upgrade affected instances. The advisory specifies patched versions; upgrade to the lowest available version above 5.3.1 or the patch specified in the bulletin. If immediate patching is not feasible, implement filesystem-level access controls to restrict read permissions on credential storage locations to only the watsonx.data intelligence service account, using OS-level file ACLs or SELinux policies. Additionally, audit and rotate all credentials stored in potentially exposed locations once systems are patched. Note: access control alone is a temporary measure and does not decrypt already-exposed credentials; patching is the primary remediation.

Share

EUVD-2025-209604 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy