Privilege Escalation in IBM Storage Virtualize by IBM
CVE-2025-36120

8.8HIGH

Key Information:

Vendor: IBM
Status: Storage Virtualize
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-36120?

IBM Storage Virtualize versions 8.4 to 8.7 present a security issue where an authenticated user could exploit flawed authorization checks during SSH sessions. This vulnerability allows the user to gain elevated privileges, potentially granting unauthorized access to sensitive resources. Users of these affected versions are advised to consult IBM's advisory for mitigation strategies and available patches.

Affected Version(s)

Storage Virtualize 8.4

Storage Virtualize 8.5

Storage Virtualize 8.6

References

https://www.ibm.com/support/pages/node/7240796

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Apr 15, 2025