CVE-2025-36003: IBM Security Verify Governance Identity Manager information disclosure

Published Aug 27, 2025
·
Updated

IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

Other sources

IBM Security Verify Governance Identity Manager could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.

IBM

Affected Software

5 affected components
IBM Security Verify Governance Identity Manager
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance -Identity Manager software component<=ISVG 10.0.2
IBM Security Verify Governance -Identity Manager virtual appliance component<=ISVG 10.0.2
IBM Security Verify Governance=10.0.2

Remediation

Information

Customers should update their systems by downloading the relevant fix pack: Affected product(s)Version(s)Fix AvailabilityIBM Security Verify Governance 10.0.2   https://www.ibm.com/support/fixcentral/swg/downloadFixes 10.0.2.0-ISS-ISVG-IGVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - Identity Manager Software Stack 10.0.2 10.0.2.0-ISS-ISVG-IMSW-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Security Verify Governance - Identity Manager Virtual Appliance 10.0.2 10.0.2.0-ISS-ISVG-IMVA-FP0006 https://www.ibm.com/support/fixcentral/swg/downloadFixes

Event History

Aug 27, 2025
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Aug 28, 2025
CVE Published
via MITRE·02:07 AM
Data Sourced
via MITRE·02:07 AM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·03:15 AM
DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-36003?

The severity of CVE-2025-36003 is classified as critical due to its potential to expose sensitive information.

2

How do I fix CVE-2025-36003?

To fix CVE-2025-36003, implement updates that suppress detailed technical error messages in IBM Security Verify Governance Identity Manager.

3

What information can be leaked due to CVE-2025-36003?

CVE-2025-36003 may leak sensitive system configurations and user data when detailed error messages are exposed.

4

Who is affected by CVE-2025-36003?

Organizations using IBM Security Verify Governance Identity Manager version 10.0.2 are affected by CVE-2025-36003.

5

Can CVE-2025-36003 lead to further attacks?

Yes, the information disclosed through CVE-2025-36003 can be utilized by attackers to launch more sophisticated attacks against the system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203