Remote Username Enumeration Vulnerability in IBM Security Verify Access Appliance and Docker
CVE-2025-0163

5.3MEDIUM

Key Information:

Vendor

IBM
Status
Security Verify Access
Security Verify Access Docker
Vendor
CVE Published:
11 June 2025

What is CVE-2025-0163?

A vulnerability in IBM Security Verify Access Appliance and Docker versions 10.0 through 10.0.8 allows remote attackers to enumerate valid usernames. This occurs due to inconsistencies in responses when querying disabled accounts, potentially exposing sensitive user information to attackers.

Affected Version(s)

Security Verify Access 10.0 <= 10.0.8

Security Verify Access Docker 10.0 <= 10.0.8

References

https://www.ibm.com/support/pages/node/7236314
vendor-advisorypatch

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-0163 : Remote Username Enumeration Vulnerability in IBM Security Verify Access Appliance and Docker