IBM DataPower Gateway vulnerable to CSRF_CVE-2025-36375

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Basic Information

ID CVE-2025-36375

Source ibm

Published Apr 1, 2026 at 22:50

Modified Apr 3, 2026 at 13:56

Affected Product

Vendor IBM

Product DataPower Gateway 10.6CD

Version 10.6.1.0

Affected Versions IBM DataPower Gateway 10.6CD 10.6.1.0
IBM DataPower Gateway 10.5.0 10.5.0.0
IBM DataPower Gateway 10.6.0 10.6.0.0

CWE Classification

CWE-352

References

www.ibm.com /support/pages/node/7268034

{
    "lastseen": "",
    "description": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",
    "published": "2026-04-01T22:50:51.697Z",
    "modified": "2026-04-03T13:56:04.937Z",
    "type": "cve",
    "title": "IBM DataPower Gateway vulnerable to CSRF",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7268034",
    "id": "CVE-2025-36375",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "IBM DataPower Gateway 10.6CD 10.6.1.0\nIBM DataPower Gateway 10.5.0 10.5.0.0\nIBM DataPower Gateway 10.6.0 10.6.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DataPower Gateway 10.6CD",
    "version": "10.6.1.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}