CVE-2025-36090: IBM Analytics Content Hub information disclosure

Q: What is the severity of CVE-2025-36090?

CVE-2025-36090 is classified as a medium-severity vulnerability due to its potential to expose sensitive information.

Q: How do I fix CVE-2025-36090?

To mitigate CVE-2025-36090, it is recommended to apply available security updates for IBM Analytics Content Hub version 2.3 or later.

Q: What versions of IBM Analytics Content Hub are affected by CVE-2025-36090?

CVE-2025-36090 affects IBM Analytics Content Hub versions 2.0 to 2.3.

Q: What is the impact of CVE-2025-36090?

CVE-2025-36090 can allow remote attackers to gain sensitive information about the application framework through detailed technical error messages.

Q: Is there a workaround for CVE-2025-36090?

While there are no official workarounds, limiting access to the application logs can help reduce the risk associated with CVE-2025-36090.

Published Jul 9, 2025

Updated

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.

Other sources

IBM Analytics Content Hub could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.

— IBM

Affected Software

3 affected components

IBM Analytics Content Hub>=2.0<=2.3

IBM Analytics Content Hub<=2.0 - 2.3

IBM Analytics Content Hub>=2.0<2.4

Remediation

Information

IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4

Event History

Jul 9, 2025

CVE Published

via IBM·12:00 AM

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Jul 10, 2025

CVE Published

via MITRE·02:12 PM

Data Sourced

via MITRE·02:12 PM

RemedyDescriptionSeverityWeakness

Data Sourced

via NVD·03:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7234122

Frequently Asked Questions

What is the severity of CVE-2025-36090?

CVE-2025-36090 is classified as a medium-severity vulnerability due to its potential to expose sensitive information.

How do I fix CVE-2025-36090?

To mitigate CVE-2025-36090, it is recommended to apply available security updates for IBM Analytics Content Hub version 2.3 or later.

What versions of IBM Analytics Content Hub are affected by CVE-2025-36090?

CVE-2025-36090 affects IBM Analytics Content Hub versions 2.0 to 2.3.

What is the impact of CVE-2025-36090?

CVE-2025-36090 can allow remote attackers to gain sensitive information about the application framework through detailed technical error messages.

Is there a workaround for CVE-2025-36090?

While there are no official workarounds, limiting access to the application logs can help reduce the risk associated with CVE-2025-36090.

CVE-2025-36090: IBM Analytics Content Hub information disclosure

Other sources

Affected Software

Remediation

Information

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-36090?

How do I fix CVE-2025-36090?

What versions of IBM Analytics Content Hub are affected by CVE-2025-36090?

What is the impact of CVE-2025-36090?

Is there a workaround for CVE-2025-36090?

Company

Resources

Contact