CVE-2025-0159

CWE-288CWE-306Missing Authentication3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.0%
top 91.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Storage Virtualize
Timeline
PublishedFeb 28

Description

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDibm/storage_virtualize8.58.5.0.14+14
CVEListV5ibm/storage_virtualize8.5.0.08.5.0.13+10

🔴Vulnerability Details

2
CVEList
IBM FlashSystem authentication bypass2025-02-28
GHSA
GHSA-qwf3-8j2h-jw5h: IBM FlashSystem (IBM Storage Virtualize (82025-02-28
CVE-2025-0159 (CRITICAL CVSS 9.1) | IBM FlashSystem (IBM Storage Virtua | cvebase.io