CVE-2025-36087

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.0%
top 93.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Security Verify AccessIBM Verify Identity Access ContainerIBM Verify Identity Access
Timeline
PublishedOct 13

Description

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5ibm/verify_identity_access_container10.0.010.0.9+1
CVEListV5ibm/security_verify_access10.0.010.0.9+1
NVDibm/security_verify_access10.0.010.0.9

🔴Vulnerability Details

2
GHSA
GHSA-q7qp-3c6x-2g59: IBM Security Verify Access 102025-10-13
CVEList
IBM Security Verify Access hard coded credentials2025-10-13
CVE-2025-36087 (CRITICAL CVSS 9.8) | IBM Security Verify Access 10.0.0 t | cvebase.io