PT-2025-37265 · IBM · IBM Fusion+2
Robert Hotchkiss · Published 2025-09-11 · Updated 2025-09-12
CVE-2025-36222
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
IBM Fusion versions 2.2.0 through 2.10.1
IBM Fusion HCI versions 2.2.0 through 2.10.0
IBM Fusion HCI for watsonx versions 2.8.2 through 2.10.0
Description:
IBM Fusion, IBM Fusion HCI, and IBM Fusion HCI for watsonx use insecure default configurations. These defaults expose AMQStreams without client authentication, potentially enabling an attacker to perform unauthorized actions.
Recommendations:
IBM Fusion versions prior to 2.10.2 should be updated.
IBM Fusion HCI versions prior to 2.10.1 should be updated.
IBM Fusion HCI for watsonx versions prior to 2.10.1 should be updated.
Fix
Affected Products
IBM Fusion
IBM Fusion HCI
Fusion HCI for watsonx