Privilege Escalation Vulnerability in IBM Storage Virtualize Products
CVE-2025-1351

6.7MEDIUM

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-1351?

A vulnerability in IBM Storage Virtualize versions 8.5, 8.6, and 8.7 allows users to potentially escalate their privileges to match those of another user logging in simultaneously. This issue arises from a race condition in the login function, which may lead to unauthorized access and actions by an attacker leveraging this flaw. Addressing this vulnerability promptly is essential to maintaining a secure environment.

Affected Version(s)

Storage Virtualize 8.5

Storage Virtualize 8.6

Storage Virtualize 8.7

References

https://www.ibm.com/support/pages/node/7237157

vendor-advisorypatch

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Feb 15, 2025

JSON