CVE-2025-36356

Summary

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Verify Access Appliance10.0.0.0 <= 10.0.9.0 IF2affected
IBMSecurity Verify Access Appliance11.0.0.0 <= 11.0.1.0affected
IBMSecurity Verify Access Docker10.0.0.0 <= 10.0.9.0 IF2affected
IBMSecurity Verify Access Docker11.0.0.0 <= 11.0.1.0affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References