File Upload Vulnerability in IBM Security Verify Directory
CVE-2025-36074

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Directory (container)
Vendor: CVE Published:; 22 April 2026

What is CVE-2025-36074?

IBM Security Verify Directory versions 10.0.0 to 10.0.0.3 are at risk for a file upload vulnerability that arises from insufficient validation of uploaded file types. This flaw allows a privileged user to upload potentially harmful files, which can be exploited to launch further attacks against the system. It is crucial for organizations using affected versions to implement recommended security measures to mitigate risks and protect their data integrity.

Affected Version(s)

Security Verify Directory (Container) 10.0.0 <= 10.0.0.3

References

https://www.ibm.com/support/pages/node/7268907

vendor-advisorypatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Apr 15, 2025

CVE-2025-36074 Data

JSON