CVE-2025-0163

CWE-2043 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 57.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Verify Access IBM Security Verify Access Docker

Timeline

PublishedJun 11

Description

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDibm/security_verify_access_docker10.0.0 — 10.0.9

▶CVEListV5ibm/security_verify_access_docker10.0 — 10.0.8

▶NVDibm/security_verify_access10.0.0 — 10.0.9

▶CVEListV5ibm/security_verify_access10.0 — 10.0.8

🔴Vulnerability Details

CVEList

IBM Security Verify Access information disclosure↗2025-06-11

▶

GHSA

GHSA-x854-vvhc-p3c8: IBM Security Verify Access Appliance and Docker 10↗2025-06-11

▶