🔐 CVE Alert

CVE-2025-36375

MEDIUM 6.5

IBM DataPower Gateway vulnerable to CSRF

CVSS Score: 6.5
EPSS Score: 0.0%
EPSS Percentile: 2nd

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0, IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20, and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CWE: CWE-352
Vendor: ibm
Product: datapower gateway 10.6cd
Published: Apr 1, 2026
Last Updated: Apr 3, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Affected Versions

IBM / DataPower Gateway 10.6CD: 10.6.1.0 through 10.6.5.0
IBM / DataPower Gateway 10.5.0: 10.5.0.0 through 10.5.0.20
IBM / DataPower Gateway 10.6.0: 10.6.0.0 through 10.6.0.8

References

ibm.com: https://www.ibm.com/support/pages/node/7268034

Credits

Acknowledgement: This vulnerability was reported to IBM by Maciej Włodarczyk & Michał Bartoszuk @ STM Cyber.