CVE-2025-36091

EUVD-2025-37498
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
ibmcloud_pak_for_business_automation
24.0.0
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_001
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_002
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_003
ibmcloud_pak_for_business_automation
24.0.0:interim_fix_004
ibmcloud_pak_for_business_automation
24.0.1
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_001
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_002
ibmcloud_pak_for_business_automation
24.0.1:interim_fix_004
ibmcloud_pak_for_business_automation
25.0.0
ibmcloud_pak_for_business_automation
25.0.0:interim_fix_001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7249999