{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36221", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:41.802Z", "datePublished": "2026-05-26T15:55:41.059Z", "dateUpdated": "2026-05-26T17:48:22.026Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-05-26T15:55:41.059Z"}, "title": "Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Cloud Pak for Data System - Cyclops", "versions": [{"status": "affected", "version": "11.3.0.2", "lessThanOrEqual": "Interim Fix 002", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:11.3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:interim:interim_fix_002:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7273923", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Fixed versionFix linkIBM Cloud Pak for Data System - Cyclops 11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><table><tbody><tr><td>Fixed version</td><td>Fix link</td></tr><tr><td>IBM Cloud Pak for Data System - Cyclops</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EWebSphere&amp;product=ibm/WebSphere/IBM+Cloud+Private+for+Data+System&amp;release=CYCLOPS_11.3&amp;platform=All&amp;function=fixId&amp;fixids=11.3.1.1-WS-ICPDS-CYCLOPS-fp278500&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\" rel=\"nofollow\">11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 </a></td></tr></tbody></table></div>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T17:47:14.104251Z", "id": "CVE-2025-36221", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T17:48:22.026Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-26T17:47:14.104251Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T17:48:08.375Z"}}], "cna": {"title": "Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:11.3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:interim:interim_fix_002:*:*:*:*:*:*"], "vendor": "IBM", "product": "Cloud Pak for Data System - Cyclops", "versions": [{"status": "affected", "version": "11.3.0.2", "versionType": "semver", "lessThanOrEqual": "Interim Fix 002"}]}], "solutions": [{"lang": "en", "value": "Fixed versionFix linkIBM Cloud Pak for Data System - Cyclops 11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "value": "<div><table><tbody><tr><td>Fixed version</td><td>Fix link</td></tr><tr><td>IBM Cloud Pak for Data System - Cyclops</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EWebSphere&amp;product=ibm/WebSphere/IBM+Cloud+Private+for+Data+System&amp;release=CYCLOPS_11.3&amp;platform=All&amp;function=fixId&amp;fixids=11.3.1.1-WS-ICPDS-CYCLOPS-fp278500&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\" rel=\"nofollow\">11.3.1.1-WS-ICPDS-CYCLOPS-fp278500 </a></td></tr></tbody></table></div>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7273923", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-05-26T15:55:41.059Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36221", "state": "PUBLISHED", "dateUpdated": "2026-05-26T17:48:22.026Z", "dateReserved": "2025-04-15T21:16:41.802Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-05-26T15:55:41.059Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"cpes": ["cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:11.3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:cloud_pak_for_data_system___cyclops:interim:interim_fix_002:*:*:*:*:*:*"], "product": "Cloud Pak for Data System - Cyclops", "vendor": "IBM", "versions": [{"lessThanOrEqual": "Interim Fix 002", "status": "affected", "version": "11.3.0.2", "versionType": "semver"}]}], "source": "psirt@us.ibm.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data_system_-_cyclops:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF30D9E-5442-4FCD-BE07-010F5DB14F1D", "versionEndExcluding": "11.3.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data_system_-_cyclops:11.3.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "0E5BD61E-87B3-4979-9FF5-2591CA37B751", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data_system_-_cyclops:11.3.0.2:interim_fix_2:*:*:*:*:*:*", "matchCriteriaId": "6C04C712-C216-42EB-8E89-CB9CC1D4AF27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication."}], "id": "CVE-2025-36221", "lastModified": "2026-06-17T09:14:36.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-36221", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-26T17:47:14.104251Z", "version": "2.0.3"}}]}, "published": "2026-05-26T17:16:29.270", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7273923"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[11.3.0.2,Interim Fix 002]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cloud Pak for Data System - Cyclops", "source": "cna", "vendor": "IBM"}, "product": "cloud_pak_for_data_system_-_cyclops", "vendor": "ibm"}], "created": "2026-05-26T18:30:12.463019+00:00", "updated": "2026-06-02T17:15:19.003232+00:00", "vendors": ["ibm", "ibm$PRODUCT$cloud_pak_for_data_system_-_cyclops"]}