Information Disclosure in IBM Storage Virtualize Products
CVE-2025-36118

7.5HIGH

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-36118?

A vulnerability in IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 exists due to an improper implementation of the IKEv1 protocol. This flaw allows remote attackers to exploit Security Association (SA) negotiation requests, potentially leading to the retrieval of sensitive information stored in the device's memory. Users are advised to apply necessary patches to safeguard against potential information leakage.

Affected Version(s)

Storage Virtualize 8.4

Storage Virtualize 8.5

Storage Virtualize 8.7

References

https://www.ibm.com/support/pages/node/7250954

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Apr 15, 2025

JSON