Insecure Permissions in IBM Storage Scale Affecting Sensitive Data Exposure
CVE-2025-36104

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Storage Scale
Vendor: CVE Published:; 12 July 2025

What is CVE-2025-36104?

An issue has been identified in IBM Storage Scale versions 5.2.3.0 and 5.2.3.1, where an authenticated user may exploit insecure permissions inherited via the SMB protocol. This vulnerability permits unauthorized access to sensitive information contained in files, posing a substantial risk to data privacy and security.

Affected Version(s)

Storage Scale 5.2.3.0, 5.2.3.1

References

https://www.ibm.com/support/pages/node/7239562

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2025
Vulnerability Reserved
Apr 15, 2025