IBM Storage Virtualize privilege escalation_CVE-2025-36120

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.

Basic Information

ID CVE-2025-36120

Source ibm

Published Aug 18, 2025 at 13:39

Modified Aug 18, 2025 at 13:57

Affected Product

Vendor IBM

Product Storage Virtualize

Version 8.4

Affected Versions IBM Storage Virtualize 8.4
IBM Storage Virtualize 8.5
IBM Storage Virtualize 8.6
IBM Storage Virtualize 8.7

CWE Classification

CWE-863

References

www.ibm.com /support/pages/node/7240796

{
    "lastseen": "",
    "description": "IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.",
    "published": "2025-08-18T13:39:41.381Z",
    "modified": "2025-08-18T13:57:05.503Z",
    "type": "cve",
    "title": "IBM Storage Virtualize privilege escalation",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7240796",
    "id": "CVE-2025-36120",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "IBM Storage Virtualize 8.4\nIBM Storage Virtualize 8.5\nIBM Storage Virtualize 8.6\nIBM Storage Virtualize 8.7",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Storage Virtualize",
    "version": "8.4",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}