Zero Day MonitorZDM

← Back to list

6.5

CVE-2025-36375EXPLOITEDPATCHED

ibm · datapower gateway 10.6cd

IBM DataPower Gateway vulnerable to CSRF

Description

A vulnerability, which was classified as problematic, has been found in IBM DataPower Gateway up to 10.6.5.0. This vulnerability affects unknown code. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2025-36375. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

Affected Products

Vendor	Product	Versions
ibm	datapower gateway 10.6cd	10.6.1.0, 10.5.0.0, 10.6.0.0

References

https://www.ibm.com/support/pages/node/7268034(vendor-advisory, patch)

Related News (2 articles)

Tier C

VulDB7h ago

CVE-2025-36375 | IBM DataPower Gateway up to 10.6.5.0 cross-site request forgery

→ No new info (linked only)

Tier B

BSI Advisories1d ago

[NEU] [mittel] IBM DataPower Gateway: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.16.5 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.ibm.com/support/pages/node/7268034

CWECWE-352

PublishedApr 1, 2026

Last enriched6h agov2

Trending Score53

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CRITICALCVE-2025-66485EXP

Multiple vulnerabilities have been addressed in IBM Aspera Shares

CRITICALCVE-2026-4101EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

HIGHCVE-2026-1491EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

MEDIUMCVE-2025-36373

Incorrect administrative access control in IBM DataPower Gateway

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: description, activelyExploited

Apr 2, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated description with new details, marked exploit availability as false, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited

via VulDB

v18h ago

Initial creation