CVE-2025-36118

Summary

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.

Affected Software

VendorProductVersion RangeStatus
IBMStorage Virtualize8.4affected
IBMStorage Virtualize8.5affected
IBMStorage Virtualize8.7affected
IBMStorage Virtualize9.1affected

Weaknesses

  • CWE-244: CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References