CVE-2025-36258

High

Published: 25 March 2026

Published

25 March 2026

Modified

26 March 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score 0.0001 0.3th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-36258 is a high-severity Plaintext Storage of a Password (CWE-256) vulnerability in Ibm Infosphere Information Server. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials In Files (T1552.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-28 Protection of Information at Rest good match

prevent

Directly requires cryptographic mechanisms or physical safeguards to protect confidentiality of sensitive information like credentials stored at rest, preventing plain-text readability by local users.

IA-5 Authenticator Management good match

prevent

Mandates protection of authenticators such as user credentials commensurate with information sensitivity, explicitly addressing insecure plain-text storage.

AC-3 Access Enforcement partial match

prevent

Enforces logical access controls to system resources storing sensitive information, mitigating unauthorized local user access to plain-text credentials.

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

attack.mitre.org →

Why these techniques?

Plaintext credential storage (CWE-256) directly enables local reading of credentials from files/storage.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

Deeper analysisAI

CVE-2025-36258 is a vulnerability in IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6, where the product stores user credentials and other sensitive information in plain text. This insecure storage allows the data to be read by a local user, as classified under CWE-256 (Plain-text Storage of a Password). The issue received a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) and was published on 2026-03-25.

A local attacker requires only local access to the system with no privileges, low attack complexity, and no user interaction to exploit this vulnerability. Successful exploitation enables reading of plaintext credentials and sensitive information, resulting in high-impact confidentiality loss due to the changed scope from the attack surface.

IBM's security advisory at https://www.ibm.com/support/pages/node/7266489 provides details on mitigation, including recommended patches and configuration changes to address the plain-text storage issue.

Details

CWE(s): CWE-256

Affected Products

ibm

infosphere information server

11.7.0.0 — 11.7.1.6

CVEs Like This One

CVE-2024-7577Same product: Ibm Aix

CVE-2025-14974Same product: Ibm Aix

CVE-2024-52363Same product: Ibm Aix

CVE-2024-51459Same product: Ibm Aix

CVE-2025-13855Same product: Ibm Aix

CVE-2024-38337Same product: Ibm Aix

CVE-2024-41783Same product: Ibm Aix

CVE-2024-49779Same product: Linux Linux Kernel

CVE-2024-49781Same product: Linux Linux Kernel

CVE-2025-13916Same product: Linux Linux Kernel

References

https://www.ibm.com/support/pages/node/7266489
Vendor Advisory · psirt@us.ibm.com