What is CVE-2025-36017?

CVE-2025-36017 is a medium-severity vulnerability in Ibm Controller, classified under CWE-526. CVSS score: 6.5/10. Published 2025-12-08.

How severe is CVE-2025-36017?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Controller

CVE-2025-36017

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.

EPSS: 0.000 (10.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ibm Controller — versions 11.1.0

Weakness classification (CWE)

CWE-526

References

www.ibm.com/support/pages/node/7253283 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36017?: CVE-2025-36017 is a medium-severity vulnerability in Ibm Controller, classified under CWE-526. CVSS score: 6.5/10. Published 2025-12-08.
How severe is CVE-2025-36017?: Medium severity. CVSS v3 base score is 6.5 out of 10.