CVE-2025-0160

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7184182	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize::::::::
	cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:::::::*
	cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:::::::*

History

No history.

Information

Published : 2025-02-28 19:15

Updated : 2025-08-18 18:21

NVD link : CVE-2025-0160

Mitre link : CVE-2025-0160

CVE.ORG link : CVE-2025-0160

JSON object : View

Products Affected

ibm

storage_virtualize

CWE

CWE-114

Process Control

NVD-CWE-noinfo

{"id": "CVE-2025-0160", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-28T19:15:36.393", "references": [{"url": "https://www.ibm.com/support/pages/node/7184182", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-114"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}, {"lang": "es", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 a 8.5.0.13, 8.5.1.0, 8.5.2.0 a 8.5.2.3, 8.5.3.0 a 8.5.3.1, 8.5.4.0, 8.6.0.0 a 8.6.0.5, 8.6.1.0, 8.6.2.0 a 8.6.2.1, 8.6.3.0, 8.7.0.0 a 8.7.0.2, 8.7.1.0, 8.7.2.0 a 8.7.2.1) podr\u00eda permitir que un atacante remoto con acceso al sistema ejecute c\u00f3digo Java arbitrario debido a restricciones inadecuadas en el servicio RPCAdapter."}], "lastModified": "2025-08-18T18:21:59.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53306313-B866-4EE7-AB3C-FA8E6C020E5E", "versionEndExcluding": "8.5.0.14", "versionStartIncluding": "8.5"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFABC40-3A05-4932-BDBE-44F3F764BEA6", "versionEndIncluding": "8.5.2.3", "versionStartIncluding": "8.5.2.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F62C6AC-E55E-4B0E-9E82-B3ACBE5813A4", "versionEndExcluding": "8.6.0.6", "versionStartIncluding": "8.6.0.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0107779-1EF3-4235-AC4A-497873B2FDDF", "versionEndExcluding": "8.7.0.3", "versionStartIncluding": "8.7.0.0"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1B622C-6334-4AA4-AF60-69AEAADF9E23"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAEC7842-7D7D-4D78-B017-C507DFEA11AB"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC3CD809-194E-4413-8F9A-95CB84D32171"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C50BA8E4-CB24-4AE3-BAC1-1AF4ED7D8D6A"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE7DA013-A9EC-4B48-910A-7FBF732CC911"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "018447CD-A245-458F-AF29-9BDD6FBB9D87"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED71E5AF-8688-4E56-90D8-C7ADE1CE639F"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186BA56B-251C-4B47-8AC4-6D5ADA615F46"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E12C7956-C1FC-41EA-A3C1-D150A703CE5D"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C74286-EE16-4DE0-B170-0928639749A6"}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81385378-8E72-4966-9126-05CD1D65F89C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}