CVE-2025-0160

Summary

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

Affected Software

VendorProductVersion RangeStatus
IBMStorage Virtualize8.5.0.0 <= 8.5.0.13affected
IBMStorage Virtualize8.5.1.0affected
IBMStorage Virtualize8.5.2.0 <= 8.5.2.3affected
IBMStorage Virtualize8.5.3.0 <= 8.5.3.1affected
IBMStorage Virtualize8.5.4.0affected
IBMStorage Virtualize8.6.0.0 <= 8.6.0.5affected
IBMStorage Virtualize8.6.1.0affected
IBMStorage Virtualize8.6.2.0 <= 8.6.2.1affected
IBMStorage Virtualize8.6.3.0affected
IBMStorage Virtualize8.7.1.0affected
IBMStorage Virtualize8.7.2.0 <= 8.7.2.1affected

Weaknesses

  • CWE-114: CWE-114 Process Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References