Improper Input Neutralization in IBM Storage Scale Affects User Privileges
CVE-2025-1137

7.5HIGH

Key Information:

Vendor: IBM
Status: Storage Scale
Vendor: CVE Published:; 10 May 2025

What is CVE-2025-1137?

Certain configurations of IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 may allow authenticated users to execute privileged commands due to improper input neutralization. This situation arises when the system fails to adequately validate or sanitize user input, leading to potential unauthorized actions by users who should not have those privileges.

Affected Version(s)

Storage Scale 5.2.2.0, 5.2.2.1

References

https://www.ibm.com/support/pages/node/7233085

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2025
Vulnerability Reserved
Feb 8, 2025