Remote Code Execution Vulnerability in IBM FlashSystem
CVE-2025-0160

8.1HIGH

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 28 February 2025

Summary

A vulnerability in IBM FlashSystem allows remote attackers with system access to execute arbitrary Java code. This issue arises due to inadequate restrictions in the RPCAdapter service, potentially leading to significant system compromise for affected versions. It is crucial for organizations using the impacted versions to assess their environments and implement necessary security measures to mitigate this risk.

Affected Version(s)

Storage Virtualize 8.5.0.0 <= 8.5.0.13

Storage Virtualize 8.5.1.0

Storage Virtualize 8.5.2.0 <= 8.5.2.3

References

https://www.ibm.com/support/pages/node/7184182

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Dec 31, 2024