CVE-2025-36094

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

CVSS 5.4 MEDIUMEPSS 0.2%CWE-1284

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

03 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

IBM · Cloud Pak for Business Automation

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ibm.com/support/pages/node/7259318