IBM watsonx.data 2.2-2.3 Lakehouse Pod Comm Blt: Cross-Pod Data Leakage
CVE-2025-36180 Published on April 30, 2026

Inadequate Pod Communication Restrictions, affects watsonx.data
IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Improper Restriction of Communication Channel to Intended Endpoints

The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Products Associated with CVE-2025-36180

Want to know whenever a new CVE is published for IBM Watsonxdata? stack.watch will email you.

IBM Watsonxdata

Affected Versions

IBM watsonx.data:

Version 2.2.0, <= 2.3.0 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM watsonx.data 2.2-2.3 Lakehouse Pod Comm Blt: Cross-Pod Data LeakageCVE-2025-36180 Published on April 30, 2026

Vulnerability Analysis

Weakness Type

Improper Restriction of Communication Channel to Intended Endpoints

Products Associated with CVE-2025-36180

Affected Versions

Exploit Probability

IBM watsonx.data 2.2-2.3 Lakehouse Pod Comm Blt: Cross-Pod Data Leakage
CVE-2025-36180 Published on April 30, 2026