Strix
26.1K

CVE-2025-36221

HIGHCVSS 7.5/10EPSS 0.27%

Last modified

CVE-2025-36221 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
0.27%

18.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IbmCloud Pak For Data System - Cyclops< 11.3.0.2
IbmCloud Pak For Data System - Cyclops11.3.0.2

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-36221?
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.
How severe is CVE-2025-36221?
CVE-2025-36221 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2025-36221?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-36221?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST