CVE-2025-3319

CWE-306Missing Authentication3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.0%
top 86.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Server
Timeline
PublishedJun 20

Description

IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/spectrum_protect_server8.18.1.26
NVDibm/spectrum_protect_server8.1.0.08.1.26

🔴Vulnerability Details

2
CVEList
IBM Spectrum Protect Server authentication bypass2025-06-20
GHSA
GHSA-q7cg-792m-5x7x: IBM Spectrum Protect Server 82025-06-20
CVE-2025-3319 (CRITICAL CVSS 9.8) | IBM Spectrum Protect Server 8.1 thr | cvebase.io