CVE-2025-0159
EUVD-2025-592828.02.2025, 19:15
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | storage_virtualize | 8.5 ≤ 𝑥 < 8.5.0.14 |
| ibm | storage_virtualize | 8.5.2.0 ≤ 𝑥 ≤ 8.5.2.3 |
| ibm | storage_virtualize | 8.6.0.0 ≤ 𝑥 < 8.6.0.6 |
| ibm | storage_virtualize | 8.7.0.0 ≤ 𝑥 < 8.7.0.3 |
| ibm | storage_virtualize | 8.5.1.0 |
| ibm | storage_virtualize | 8.5.3.0 |
| ibm | storage_virtualize | 8.5.3.1 |
| ibm | storage_virtualize | 8.5.4.0 |
| ibm | storage_virtualize | 8.6.1.0 |
| ibm | storage_virtualize | 8.6.2.0 |
| ibm | storage_virtualize | 8.6.2.1 |
| ibm | storage_virtualize | 8.6.3.0 |
| ibm | storage_virtualize | 8.7.1.0 |
| ibm | storage_virtualize | 8.7.2.0 |
| ibm | storage_virtualize | 8.7.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.