Remote Code Execution Vulnerability in IBM Security Verify Access
CVE-2025-36355

8.5HIGH

Key Information:

Vendor

IBM
Status
Security Verify Access Appliance
Security Verify Access Docker
Vendor
CVE Published:
6 October 2025

What is CVE-2025-36355?

A vulnerability in IBM Security Verify Access allows a locally authenticated user to execute unauthorized scripts outside of their control sphere. This poses a risk by potentially enabling malicious actors to execute scripts on the system, leading to escalated privileges and other security concerns. The affected versions include IBM Security Verify Access 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0. Users and administrators are urged to apply patches promptly to safeguard their systems.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.9.0 IF2

Security Verify Access Appliance 11.0.0.0 <= 11.0.1.0

Security Verify Access Docker 10.0.0.0 <= 10.0.9.0 IF2

References

https://www.ibm.com/support/pages/node/7247215
vendor-advisorypatch

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-36355 : Remote Code Execution Vulnerability in IBM Security Verify Access