Improper Input Validation in IBM Security Verify Access Affects User Command Execution
CVE-2025-36354

7.3HIGH

Key Information:

Vendor

IBM
Status
Security Verify Access Appliance
Security Verify Access Docker
Vendor
CVE Published:
6 October 2025

What is CVE-2025-36354?

IBM Security Verify Access and its Docker version contain a vulnerability that may allow an unauthenticated user to execute arbitrary commands with limited user privileges. This issue arises from insufficient validation of user-supplied input, making the affected systems potentially exploitable if not addressed with proper patches.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.9.0 IF2

Security Verify Access Appliance 11.0.0.0 <= 11.0.1.0

Security Verify Access Docker 10.0.0.0 <= 10.0.9.0 IF2

References

https://www.ibm.com/support/pages/node/7247215
vendor-advisorypatch

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-36354 : Improper Input Validation in IBM Security Verify Access Affects User Command Execution