IBM Cloud Pak BA <24-25> dashboards auth flaw leads to denial of access
CVE-2025-36091 Published on November 3, 2025
IBM Business Automation Insights unverified ownership
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
Vulnerability Analysis
CVE-2025-36091 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Unverified Ownership
The software does not properly verify that a critical resource is owned by the proper entity.
Products Associated with CVE-2025-36091
Want to know whenever a new CVE is published for IBM Cloud Pak Business Automation? stack.watch will email you.
Affected Versions
IBM Cloud Pak For Business Automation:- Version 25.0.0 is affected.
- Version 24.0.1 is affected.
- Version 24.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.