What is CVE-2025-36373?

CVE-2025-36373 is a medium-severity vulnerability in Ibm Datapower Gateway 10.5.0, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 4.1/10. Published 2026-04-01.

How severe is CVE-2025-36373?

Medium severity. CVSS v3 base score is 4.1 out of 10.

Vulnerability in Ibm Datapower Gateway 10.5.0

CVE-2025-36373

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information…

EPSS: 0.000 (11.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N.

Affected products

Ibm Datapower Gateway 10.5.0 — versions 10.5.0.0
Ibm Datapower Gateway 10.6.0 — versions 10.6.0.0
Ibm Datapower Gateway 10.6cd — versions 10.6.1.0

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

www.ibm.com/support/pages/node/7267833 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36373?: CVE-2025-36373 is a medium-severity vulnerability in Ibm Datapower Gateway 10.5.0, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 4.1/10. Published 2026-04-01.
How severe is CVE-2025-36373?: Medium severity. CVSS v3 base score is 4.1 out of 10.