CVE-2025-36222: IBM Fusion insecure default configuration

Published Sep 11, 2025

IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 use insecure default configurations that could expose AMQStreams without client authentication, which could allow an attacker to perform unauthorized actions.

Affected Software

9 affected components. Fixes available.
IBM Fusion >=2.2.0 <=2.10.1
IBM Fusion HCI >=2.2.0 <=2.10.0
IBM Fusion HCI for watsonx >=2.8.2 <=2.10.0
IBM Fusion <=2.2.0 - 2.10.1
IBM Fusion HCI <=2.2.0 - 2.10.0
IBM Fusion HCI for watsonx <=2.8.2 - 2.10.0
IBM Storage Fusion >=2.2.0 <2.11.0
IBM Storage Fusion HCI >=2.2.0 <2.11.0
IBM Storage Fusion Hci For Watsonx >=2.8.2 <2.11.0

Remediation

Information

IBM strongly recommends addressing the vulnerability now.

| Products | Version range | Remediation Instructions |
|---|---|---|
| IBM Fusion | 2.2.0 - 2.10.1 | Upgrade to IBM Fusion 2.11.0. See the README https://www.ibm.com/support/pages/node/7242341 for instructions. |
| IBM Fusion HCI | 2.2.0 - 2.10.0 | Upgrade to IBM Fusion HCI 2.11.0. See the README https://www.ibm.com/support/pages/node/7242340 for instructions. |
| IBM Fusion HCI for watsonx | 2.8.2 - 2.10.0 | Upgrade to IBM Fusion HCI for watsonx 2.11.0. See the README https://www.ibm.com/support/pages/node/7242340 for instructions. |

Event History

Sep 11, 2025
CVE Published via IBM, 12:00 AM
Data Sourced via IBM, 12:00 AM: Description, Affected Software
CVE Published via MITRE, 08:44 PM
Data Sourced via MITRE, 08:44 PM: Remedy, Description, Severity, Weakness
Data Sourced via NVD, 09:15 PM: Description, Severity, Weakness, Affected Software

Frequently Asked Questions

1. What is the severity of CVE-2025-36222?

The severity of CVE-2025-36222 is considered significant due to the use of insecure default configurations that allow an attacker to perform unauthorized actions.

2. How do I fix CVE-2025-36222?

To fix CVE-2025-36222, apply the appropriate patches provided by IBM for the affected versions of IBM Fusion and IBM Fusion HCI.

3. Which versions are affected by CVE-2025-36222?

CVE-2025-36222 affects IBM Fusion versions 2.2.0 through 2.10.1, IBM Fusion HCI versions 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx versions 2.8.2 through 2.10.0.

4. What actions can an attacker perform due to CVE-2025-36222?

An attacker exploiting CVE-2025-36222 can perform unauthorized actions on AMQStreams due to the lack of client authentication.

5. Is remote access possible with CVE-2025-36222?

Yes, remote access to the affected services is possible due to insecure default configurations outlined in CVE-2025-36222.
