CVE-2025-36222
CVE-2025-36222 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 use insecure default configurations that could expose AMQStreams without client authentication, which could allow an attacker to perform unauthorized actions. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 use insecure default configurations that could expose AMQStreams without client authentication, which could allow an attacker to perform unauthorized actions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| IBM | Storage Fusion | >= 2.2.0, < 2.11.0 |
| IBM | Storage Fusion HCI | >= 2.2.0, < 2.11.0 |
| IBM | Storage Fusion HCI for watsonx | >= 2.8.2, < 2.11.0 |
References
- https://www.ibm.com/support/pages/node/7244646 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
