Remote Code Execution Vulnerability in IBM FlashSystem
CVE-2025-0160
8.1HIGH
Summary
A vulnerability in IBM FlashSystem allows remote attackers with system access to execute arbitrary Java code. This issue arises due to inadequate restrictions in the RPCAdapter service, potentially leading to significant system compromise for affected versions. It is crucial for organizations using the impacted versions to assess their environments and implement necessary security measures to mitigate this risk.
Affected Version(s)
Storage Virtualize 8.5.0.0 <= 8.5.0.13
Storage Virtualize 8.5.1.0
Storage Virtualize 8.5.2.0 <= 8.5.2.3
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved