Remote Code Execution Vulnerability in IBM Security Verify Access
CVE-2025-36355

8.5HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-36355?

A vulnerability in IBM Security Verify Access allows a locally authenticated user to execute unauthorized scripts outside of their control sphere. This poses a risk by potentially enabling malicious actors to execute scripts on the system, leading to escalated privileges and other security concerns. The affected versions include IBM Security Verify Access 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0. Users and administrators are urged to apply patches promptly to safeguard their systems.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.9.0 IF2

Security Verify Access Appliance 11.0.0.0 <= 11.0.1.0

Security Verify Access Docker 10.0.0.0 <= 10.0.9.0 IF2

References

https://www.ibm.com/support/pages/node/7247215

vendor-advisorypatch

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Apr 15, 2025

JSON