{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36375","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:56.325Z","datePublished":"2026-04-01T22:50:51.697Z","dateUpdated":"2026-04-03T13:56:04.937Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-04-01T22:50:51.697Z"},"title":"IBM DataPower Gateway vulnerable to CSRF","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery (CSRF)","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"DataPower Gateway 10.6CD","versions":[{"status":"affected","version":"10.6.1.0","lessThanOrEqual":"10.6.5.0","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datapower_gateway_106cd:10.6.5.0:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"DataPower Gateway 10.5.0","versions":[{"status":"affected","version":"10.5.0.0","lessThanOrEqual":"10.5.0.20","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datapower_gateway_1050:10.5.0.20:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"DataPower Gateway 10.6.0","versions":[{"status":"affected","version":"10.6.0.0","lessThanOrEqual":"10.6.0.8","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datapower_gateway_1060:10.6.0.8:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website 
trusts.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.</p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7268034","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}}],"solutions":[{"lang":"en","value":"Affected Product(s) | Fixed in Version | Fix link\nIBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.0 | 10.6.6.0 | Installation and Upgrade 10.6.x https://www.ibm.com/docs/en/datapower-gateway/10.6.x\nIBM DataPower Gateway 10.6.0 10.6.0.0 - 10.6.0.8 | 10.6.0.9 | Installation and Upgrade 10.6.0 https://www.ibm.com/docs/en/datapower-gateway/10.6.0\nIBM DataPower Gateway 10.5.0 10.5.0.0 - 10.5.0.20 | 10.5.0.21 | Installation and Upgrade 10.5.0 https://www.ibm.com/docs/en/datapower-gateway/10.5.0\n\nIBM strongly recommends upgrading to a fixed version","supportingMedia":[{"type":"text/html","base64":false,"value":"<div><br><table><tbody><tr><td>Affected Product(s)</td><td>Fixed in Version</td><td>Fix link</td></tr><tr><td>IBM DataPower Gateway 10.6CD 10.6.1.0 - 10.6.5.0</td><td>10.6.6.0</td><td><a href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.x?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\">Installation and Upgrade 10.6.x</a></td></tr><tr><td>IBM DataPower 
Gateway 10.6.0&nbsp; 10.6.0.0 - 10.6.0.8</td><td>10.6.0.9</td><td><a href=\"https://www.ibm.com/docs/en/datapower-gateway/10.6.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\">Installation and Upgrade 10.6.0</a></td></tr><tr><td>IBM DataPower Gateway 10.5.0&nbsp; 10.5.0.0 - 10.5.0.20</td><td>10.5.0.21</td><td><a href=\"https://www.ibm.com/docs/en/datapower-gateway/10.5.0?topic=overview-release-notes#relnotes__install__title__1\" rel=\"nofollow\">Installation and Upgrade 10.5.0</a></td></tr></tbody></table></div><p>IBM strongly recommends upgrading to a fixed version</p>"}]}],"x_generator":{"engine":"ibm-cvegen"},"credits":[{"lang":"en","value":"Acknowledgement This vulnerability was reported to IBM by Maciej Włodarczyk & Michał Bartoszuk @ STM Cyber.","type":"finder"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-36375","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-04-03T13:45:08.878992Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-03T13:56:04.937Z"}}]}}