{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36058", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:11.325Z", "datePublished": "2026-01-20T15:09:07.082Z", "dateUpdated": "2026-01-20T15:53:20.326Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:business_automation_workflow_containers:25.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:25.0.0:interim_fix_002:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.1:interim_fix_005:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.0:interim_fix_006:*:*:*:*:*:*"], "product": "Business Automation Workflow containers", "vendor": "IBM", "versions": [{"lessThanOrEqual": "25.0.0 Interim Fix 002", "status": "affected", "version": "25.0.0", "versionType": "semver"}, {"lessThanOrEqual": "24.0.1 Interim Fix 005", "status": "affected", "version": "24.0.1", "versionType": "semver"}, {"lessThanOrEqual": "24.0.0 Interim Fix 006", "status": "affected", "version": "24.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.</p>"}], "value": "IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-538", "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T15:09:18.288Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7256777"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<br><table><thead><tr><th>Affected Product(s)</th><th>Version(s)</th><th>Remediation / Fix</th></tr></thead><tbody><tr><td>IBM Business Automation Workflow containers</td><td>V25.0.0 - V25.0.0-IF002</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes\">25.0.0-IF003</a></td></tr><tr><td>IBM Business Automation Workflow containers</td><td>V24.0.1 - V24.0.1-IF005</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7183042\">24.0.1-IF006</a></td></tr><tr><td>IBM Business Automation Workflow containers</td><td>V24.0.0 - V24.0.0-IF006</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7159792\">24.0.0-IF007</a></td></tr></tbody></table><br>"}], "value": "Affected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.0 - V25.0.0-IF002Apply 25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1 - V24.0.1-IF005Apply 24.0.1-IF006 https://www.ibm.com/support/pages/node/7183042 IBM Business Automation Workflow containersV24.0.0 - V24.0.0-IF006Apply 24.0.0-IF007 https://www.ibm.com/support/pages/node/7159792"}], "title": "Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T15:53:03.007740Z", "id": "CVE-2025-36058", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:53:20.326Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T15:53:03.007740Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:53:13.128Z"}}], "cna": {"title": "Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:business_automation_workflow_containers:25.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:25.0.0:interim_fix_002:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.1:interim_fix_005:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_automation_workflow_containers:24.0.0:interim_fix_006:*:*:*:*:*:*"], "vendor": "IBM", "product": "Business Automation Workflow containers", "versions": [{"status": "affected", "version": "25.0.0", "versionType": "semver", "lessThanOrEqual": "25.0.0 Interim Fix 002"}, {"status": "affected", "version": "24.0.1", "versionType": "semver", "lessThanOrEqual": "24.0.1 Interim Fix 005"}, {"status": "affected", "version": "24.0.0", "versionType": "semver", "lessThanOrEqual": "24.0.0 Interim Fix 006"}]}], "solutions": [{"lang": "en", "value": "Affected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.0 - V25.0.0-IF002Apply 25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1 - V24.0.1-IF005Apply 24.0.1-IF006 https://www.ibm.com/support/pages/node/7183042 IBM Business Automation Workflow containersV24.0.0 - V24.0.0-IF006Apply 24.0.0-IF007 https://www.ibm.com/support/pages/node/7159792", "supportingMedia": [{"type": "text/html", "value": "<br><table><thead><tr><th>Affected Product(s)</th><th>Version(s)</th><th>Remediation / Fix</th></tr></thead><tbody><tr><td>IBM Business Automation Workflow containers</td><td>V25.0.0 - V25.0.0-IF002</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes\">25.0.0-IF003</a></td></tr><tr><td>IBM Business Automation Workflow containers</td><td>V24.0.1 - V24.0.1-IF005</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7183042\">24.0.1-IF006</a></td></tr><tr><td>IBM Business Automation Workflow containers</td><td>V24.0.0 - V24.0.0-IF006</td><td>Apply <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7159792\">24.0.0-IF007</a></td></tr></tbody></table><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7256777", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T15:09:18.288Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36058", "state": "PUBLISHED", "dateUpdated": "2026-01-20T15:53:20.326Z", "dateReserved": "2025-04-15T21:16:11.325Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-01-20T15:09:07.082Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map."}], "id": "CVE-2025-36058", "lastModified": "2026-01-20T16:16:02.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-01-20T16:16:02.743", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7256777"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}