CVE-2025-36262: IBM Planning Analytics Local information disclosure

Published Sep 30, 2025
·
Updated

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

Affected Software

5 affected components
IBM Planning Analytics Local>=2.0.0<=2.0.106, >=2.1.0<=2.1.13
IBM Planning Analytics Local - IBM Planning Analytics Workspace<=2.1.0 - 2.1.13
IBM Planning Analytics Local - IBM Planning Analytics Workspace<=2.0.0 - 2.0.106
IBM Planning Analytics Local>=2.0.0<=2.0.106
IBM Planning Analytics Local>=2.1.0<=2.1.13

Remediation

Information

It is strongly recommended that you apply the most recent security updates:   Affected Product(s)VersionFixIBM Planning Analytics Local - IBM Planning Analytics Workspace2.1.0 - 2.1.13 IBM Planning Analytics Local 2.1.14 is now available for download from Fix Central https://www.ibm.com/support/pages/node/7245803 IBM Planning Analytics Local - IBM Planning Analytics Workspace2.0.0 - 2.0.106 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 107 from Fix Central https://www.ibm.com/support/pages/node/7245802 IBM Planning Analytics Cloud and Planning Analytics as a Service environments have been remediated.

Event History

Sep 30, 2025
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·07:42 PM
Data Sourced
via MITRE·07:42 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·08:15 PM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-36262?

CVE-2025-36262 has been classified as a high severity vulnerability due to the potential for unauthorized access to sensitive information.

2

How do I fix CVE-2025-36262?

To remediate CVE-2025-36262, it is recommended to update IBM Planning Analytics Local to version 2.1.14 or later, which addresses the input validation issue.

3

Who is affected by CVE-2025-36262?

The vulnerability affects users of IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13.

4

What is the impact of exploiting CVE-2025-36262?

Exploitation of CVE-2025-36262 could allow a malicious privileged user to bypass the user interface and access unauthorized sensitive data.

5

Is there a workaround for CVE-2025-36262?

Currently, there are no known workarounds for CVE-2025-36262; updating to a secure version is the only reliable solution.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203