Multiple security vulnerabilities are addressed in IBM Business Automation Workflow...

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.

Basic Information

ID CVE-2025-36058

Source ibm

Published Jan 20, 2026 at 15:09

Affected Product

Vendor IBM

Product Business Automation Workflow containers

Version 25.0.0

Affected Versions IBM Business Automation Workflow containers 25.0.0
IBM Business Automation Workflow containers 24.0.1
IBM Business Automation Workflow containers 24.0.0

CWE Classification

CWE-538

References

www.ibm.com /support/pages/node/7256777

{
    "lastseen": "",
    "description": "IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.",
    "published": "2026-01-20T15:09:07.082Z",
    "modified": "2026-01-20T15:09:18.288Z",
    "type": "cve",
    "title": "Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7256777",
    "id": "CVE-2025-36058",
    "bulletinFamily": "",
    "cwe": [
        "CWE-538"
    ],
    "cvelist": null,
    "sourceData": "IBM Business Automation Workflow containers 25.0.0\nIBM Business Automation Workflow containers 24.0.1\nIBM Business Automation Workflow containers 24.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Business Automation Workflow containers",
    "version": "25.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025_CVE-2025-36058