CVE-2025-0159

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7184182	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:::::::*

History

No history.

Information

Published : 2025-02-28 19:15

Updated : 2025-08-18 18:22

NVD link : CVE-2025-0159

Mitre link : CVE-2025-0159

CVE.ORG link : CVE-2025-0159

JSON object : View

Products Affected

ibm

storage_virtualize

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-0159", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-02-28T19:15:36.243", "references": [{"url": "https://www.ibm.com/support/pages/node/7184182", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request."}, {"lang": "es", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto omita la autenticaci\u00f3n del endpoint RPCAdapter mediante el env\u00edo de una solicitud HTTP espec\u00edficamente manipulada."}], "lastModified": "2025-08-18T18:22:20.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E", "versionEndExcluding": "8.5.0.14", "versionStartIncluding": "8.5"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6", "versionEndIncluding": "8.5.2.3", "versionStartIncluding": "8.5.2.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF", "versionEndExcluding": "8.7.0.3", "versionStartIncluding": "8.7.0.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}