CVE-2025-36094

5.4 MEDIUM

📋 TL;DR

This vulnerability in IBM Cloud Pak for Business Automation allows an authenticated user to cause a denial of service or data corruption by submitting input that the product does not properly validate. It affects versions 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007. Organizations running these versions should prioritize patching.

💻 Affected Systems

Products:
  • IBM Cloud Pak for Business Automation
Versions: 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, 24.0.0 through 24.0.0 Interim Fix 007
Operating Systems: Not OS-specific
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability and permanent data corruption affecting business operations

🟠 Likely Case: Service disruption and partial data corruption requiring restoration from backups

🟢 If Mitigated: Minimal impact with proper input validation and monitoring

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of vulnerable endpoints

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM Cloud Pak for Business Automation 25.0.0 Interim Fix 003, 24.0.1 Interim Fix 006, or 24.0.0 Interim Fix 008

Vendor Advisory: https://www.ibm.com/support/pages/node/7259318

Restart Required: Yes

Instructions:

1. Download the appropriate interim fix from IBM Fix Central.
2. Back up the current configuration and data.
3. Apply the fix following IBM documentation.
4. Restart the affected services.
5. Verify that the fix was applied.

🔧 Temporary Workarounds

Restrict User Access (all): Limit authenticated user access to only the personnel who need it

Input Validation Rules (all): Implement additional input validation at the network perimeter

🧯 If You Can't Patch

  • Implement strict access controls and least privilege principles
  • Deploy network segmentation and monitor for unusual input patterns

🔍 How to Verify

Check if Vulnerable:

Compare the installed version against the affected ranges in the IBM Cloud Pak administration console

Check Version:

oc get pods -n <namespace> -l app=<component> -o jsonpath='{.items[*].spec.containers[*].image}'

Verify Fix Applied:

Confirm that the reported version shows the patched interim fix level, then test that input validation behaves as expected

📡 Detection & Monitoring

Log Indicators:

  • Unusually large input payloads
  • Service crash/restart events
  • Authentication failures followed by large requests

Network Indicators:

  • Abnormally large HTTP/S requests to Cloud Pak endpoints
  • Repeated connection attempts with varying payload sizes

SIEM Query:

source="ibm-cloud-pak" AND (event_type="service_crash" OR payload_size>1000000)
