Remote Code Execution Vulnerability in IBM FlashSystem
CVE-2025-0160

8.1 HIGH

Key Information:

Vendor: IBM
CVE Published: 28 February 2025

Summary

A vulnerability in IBM FlashSystem allows remote attackers with system access to execute arbitrary Java code. This issue arises due to inadequate restrictions in the RPCAdapter service, potentially leading to significant system compromise for affected versions. It is crucial for organizations using the impacted versions to assess their environments and implement necessary security measures to mitigate this risk.

Affected Version(s)

Storage Virtualize 8.5.0.0 through 8.5.0.13

Storage Virtualize 8.5.1.0

Storage Virtualize 8.5.2.0 through 8.5.2.3

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
