Skip to main content

IBM watsonx.data EUVDEUVD-2025-210383

| CVE-2025-36319 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-30 ibm GHSA-8g9m-mqc8-rhxx
4.3
CVSS 3.1 · Vendor: ibm
Share

Severity by source

Vendor (ibm) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
4.3 MEDIUM

Network-reachable HTTP endpoint requires authenticated low-privilege user; temporary and partial availability impact only, with no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (ibm).

CVSS VectorVendor: ibm

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 30, 2026 - 21:20 vuln.today

DescriptionCVE.org

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

AnalysisAI

Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users who submit specially crafted HTTP requests, exploiting improper resource throttling allocation (CWE-770). The impact is limited to availability - confidentiality and integrity are unaffected - and the disruption is described as temporary rather than persistent. No public exploit code or active exploitation has been identified at the time of analysis.

Technical ContextAI

IBM watsonx.data intelligence is an enterprise data lakehouse platform combining open data formats with AI-driven analytics. The vulnerability stems from CWE-770 (Allocation of Resources Without Limits or Throttling), a class of flaw where the application fails to enforce adequate rate-limiting or quota controls on incoming HTTP requests. When a user submits a specially crafted request, the server may allocate resources (threads, memory, processing time) beyond intended bounds without capping them, creating a temporary saturation condition. The affected CPE is cpe:2.3:a:ibm:watsonx.data_intelligence:*:*:*:*:*:*:*:* covering versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0.

RemediationAI

IBM has released a patch and advises applying the fix documented at https://www.ibm.com/support/pages/node/7277801. The exact patched version number is not confirmed in the available data - administrators should consult the IBM advisory directly to identify the target upgrade version. As a compensating control prior to patching, organizations should restrict authenticated access to the watsonx.data intelligence API to only necessary users and service accounts, reducing the pool of principals who could trigger this condition. Additionally, placing a reverse proxy or API gateway with request-rate limiting in front of the service can reduce the effectiveness of throttling-based denial of service attacks, though this adds operational complexity and does not eliminate the underlying flaw.

Share

EUVD-2025-210383 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy