CVE-2025-36145 Overview
CVE-2025-36145 affects IBM watsonx.data versions 2.2 through 2.3.1, specifically the IBM Lakehouse component. The vulnerability stems from improper restriction of inbound and outbound network connections [CWE-923]. An authenticated attacker with low privileges can leverage this weakness to transfer or modify files without restrictions across the affected service boundaries. IBM published a support advisory documenting the impact and remediation guidance for affected deployments.
Critical Impact
Authenticated network-adjacent attackers can transfer or modify files in IBM Lakehouse without the connection restrictions expected by the platform, undermining data confidentiality and integrity.
Affected Products
- IBM watsonx.data 2.2
- IBM watsonx.data 2.3
- IBM watsonx.data 2.3.1 (IBM Lakehouse component)
Discovery Timeline
- 2026-05-26 - CVE-2025-36145 published to the National Vulnerability Database
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2025-36145
Vulnerability Analysis
The vulnerability resides in IBM watsonx.data's IBM Lakehouse component, which fails to enforce restrictions on inbound and outbound network connections. The weakness is categorized under [CWE-923] (Improper Restriction of Communication Channel to Intended Endpoints). When the platform accepts or initiates connections without validating the endpoint, an attacker can pivot through the Lakehouse to read, transfer, or modify files outside the intended boundary.
Exploitation requires network access and low-privilege authentication. No user interaction is required. The impact covers limited confidentiality and integrity loss but does not directly affect availability. The unrestricted channel allows file movement operations that bypass intended segmentation between data plane components.
Root Cause
The root cause is missing or insufficient validation of communication endpoints inside IBM Lakehouse. The component does not constrain which hosts or services it will exchange data with, so an authenticated client can direct it to interact with arbitrary destinations. This design gap allows file transfer and modification operations to flow through unintended channels.
Attack Vector
The attack vector is network-based. An attacker with valid low-privilege credentials issues requests to IBM Lakehouse that cause it to open or accept connections beyond the intended trust zone. Through these unrestricted channels, the attacker stages file transfers or modifies files reachable by the service account. No verified public proof-of-concept code is available at this time. Refer to the IBM Support Page for vendor technical details.
Detection Methods for CVE-2025-36145
Indicators of Compromise
- Unexpected outbound connections originating from IBM Lakehouse service processes to hosts outside the documented data plane.
- Unauthorized file create, modify, or transfer operations on Lakehouse storage paths performed by low-privilege accounts.
- Authentication events for watsonx.data service accounts followed by anomalous network egress.
Detection Strategies
- Baseline normal communication endpoints for IBM Lakehouse and alert on deviations involving new destination IPs, ports, or protocols.
- Correlate watsonx.data audit logs with network flow telemetry to identify file operations that pair with out-of-policy connections.
- Inspect HTTP and storage API access logs for repeated file transfer requests issued by the same low-privilege principal.
Monitoring Recommendations
- Forward IBM watsonx.data and IBM Lakehouse logs to a centralized analytics platform with retention sufficient for forensic review.
- Monitor egress firewall logs at the Kubernetes or host boundary hosting watsonx.data for unexpected destinations.
- Track file integrity on Lakehouse-managed storage to detect unauthorized modifications.
How to Mitigate CVE-2025-36145
Immediate Actions Required
- Apply the fix referenced in the IBM Support Page for IBM watsonx.data 2.2 through 2.3.1.
- Review and reduce privileges for accounts able to authenticate to IBM Lakehouse APIs.
- Audit recent file transfer and modification events in Lakehouse-managed storage for unauthorized activity.
Patch Information
IBM has published remediation guidance through its official support channel. Administrators should consult the IBM Support Page for the fixed version and upgrade instructions applicable to IBM watsonx.data 2.2, 2.3, and 2.3.1.
Workarounds
- Restrict inbound and outbound network access to IBM Lakehouse using network policies, security groups, or service mesh egress controls until patching is complete.
- Place IBM watsonx.data components in a segmented network zone that only permits required endpoints.
- Enforce strict allow-lists for storage and external service endpoints that Lakehouse is permitted to reach.
# Example Kubernetes NetworkPolicy restricting Lakehouse egress to approved endpoints
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: lakehouse-egress-restrict
namespace: watsonx-data
spec:
podSelector:
matchLabels:
app: ibm-lakehouse
policyTypes:
- Egress
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/16
ports:
- protocol: TCP
port: 443
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
