CVE-2025-0160

CWE-114 | CWE-667 | 5 documents | 5 sources
Severity: 9.8 CRITICAL
EPSS: 0.2% (top 58.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28

Description

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1)) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD | ibm/storage_virtualize | 8.5 | 8.5.0.14 | +14
CVEListV5 | ibm/storage_virtualize | 8.5.0.0 | 8.5.0.13 | +10

🔴 Vulnerability Details (2)

CVEList | IBM FlashSystem code execution | 2025-02-28
GHSA | GHSA-69vm-8rmf-jw2p: IBM FlashSystem (IBM Storage Virtualize (8 | 2025-02-28

📋 Vendor Advisories (1)

Microsoft | Possibility of deadlock in libbpf function sock_hash_delete_elem | 2023-07-11