CVE-2025-36146
📋 TL;DR
IBM Lakehouse (watsonx.data 2.2) exposes sensitive server component version information to authenticated users. This information disclosure vulnerability could help attackers identify potential weaknesses for follow-up attacks. Only authenticated users can access this information, and it affects IBM watsonx.data version 2.2 installations.
💻 Affected Systems
- IBM Lakehouse
- IBM watsonx.data
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers use exposed version information to identify and exploit known vulnerabilities in specific server components, potentially leading to data compromise or system takeover.
Likely Case
Attackers gather intelligence about the system's architecture and components to plan targeted attacks, increasing the success rate of subsequent exploitation attempts.
If Mitigated
Limited information exposure that doesn't directly lead to compromise but still provides some reconnaissance value to attackers.
🎯 Exploit Status
Requires authenticated access; exploitation involves using disclosed information for follow-up attacks rather than direct exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply fix as described in IBM advisory
Vendor Advisory: https://www.ibm.com/support/pages/node/7245384
Restart Required: No
Instructions:
1. Review IBM advisory at provided URL. 2. Apply the recommended fix from IBM. 3. Verify the fix prevents version information disclosure.
🔧 Temporary Workarounds
Restrict Access Controls
allImplement stricter access controls to limit which authenticated users can access system information endpoints.
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable systems
- Enhance monitoring for unusual access patterns to system information endpoints
🔍 How to Verify
Check if Vulnerable:
Test authenticated access to system information endpoints to see if version details are exposed.Check Version:
Check IBM watsonx.data version through administrative interface or configuration files.Verify Fix Applied:
After applying fix, verify that authenticated users can no longer access sensitive version information.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to system information endpoints
- Multiple failed authentication attempts followed by successful access
Network Indicators:
- Increased traffic to system information endpoints from unusual sources
SIEM Query:
source="watsonx.data" AND (event_type="system_info_access" OR endpoint="*/version*" OR endpoint="*/info*")