CSRF in Ibm Datapower Gateway 10.5.0
CVE-2025-36375
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Ibm Datapower Gateway 10.5.0 — versions 10.5.0.0
- Ibm Datapower Gateway 10.6.0 — versions 10.6.0.0
- Ibm Datapower Gateway 10.6cd — versions 10.6.1.0
Weakness classification (CWE)
References
- www.ibm.com/support/pages/node/7268034 (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2025-36375?
- CVE-2025-36375 is a medium-severity vulnerability in Ibm Datapower Gateway 10.5.0, classified under Cross-Site Request Forgery (CSRF). CVSS score: 6.5/10. Published 2026-04-01.
- How severe is CVE-2025-36375?
- Medium severity. CVSS v3 base score is 6.5 out of 10.