CVE-2025-36220

MEDIUM

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CVSS v3.1 Score

4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Published: 5/26/2026Modified: 6/2/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2025-36220 — IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cl...

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

CVE-2025-36220
NIST NVD

References (1)

https://www.ibm.com/support/pages/node/7273923Vendor Advisory