CVE-2025-0159

storage_virtualize vulnerability - ibm

Critical CVSS Score: 9.1 Published: 2025-02-28

Description

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

Affected Systems

Vendor ibm
Product storage_virtualize
Affected Versions from 8.5 before 8.5.0.14; from 8.5.2.0 through 8.5.2.3; from 8.6.0.0 before 8.6.0.6; from 8.7.0.0 before 8.7.0.3; 8.5.1.0
CWE ID CWE-288

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

Risk Assessment

CVSS: 9.1/10

Exploit Available Unknown
Patch Available Yes

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Related Vulnerabilities

high

CVE-2025-0975

mq_appliance...
critical

CVE-2024-49806

security_verify_access...
critical

CVE-2024-49805

security_verify_access...
critical

CVE-2024-49803

security_verify_access...

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring