CVE-2025-36355

Summary

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0

could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Verify Access Appliance10.0.0.0 <= 10.0.9.0 IF2affected
IBMSecurity Verify Access Appliance11.0.0.0 <= 11.0.1.0affected
IBMSecurity Verify Access Docker10.0.0.0 <= 10.0.9.0 IF2affected
IBMSecurity Verify Access Docker11.0.0.0 <= 11.0.1.0affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References