{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36221", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:41.802Z", "datePublished": "2026-05-26T15:55:41.059Z", "dateUpdated": "2026-05-26T17:48:22.026Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-05-26T15:55:41.059Z"}, "title": "Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Cloud Pak for Data System - Cyclops", "versions": [{"status": "affected", "version": "11.3.0.2", "lessThanOrEqual": "Interim Fix 002", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:11.3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:interim:interim_fix_002:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7273923", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Fixed versionFix linkIBM Cloud Pak for Data System - Cyclops 11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><table><tbody><tr><td>Fixed version</td><td>Fix link</td></tr><tr><td>IBM Cloud Pak for Data System - Cyclops</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EWebSphere&amp;product=ibm/WebSphere/IBM+Cloud+Private+for+Data+System&amp;release=CYCLOPS_11.3&amp;platform=All&amp;function=fixId&amp;fixids=11.3.1.1-WS-ICPDS-CYCLOPS-fp278500&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\" rel=\"nofollow\">11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 </a></td></tr></tbody></table></div>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T17:47:14.104251Z", "id": "CVE-2025-36221", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T17:48:22.026Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication."}], "id": "CVE-2025-36221", "lastModified": "2026-05-26T17:16:29.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-05-26T17:16:29.270", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7273923"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}