Remote Code Execution Vulnerability in IBM Security Verify Access
CVE-2025-36355

8.5HIGH

What is CVE-2025-36355?

A vulnerability in IBM Security Verify Access allows a locally authenticated user to execute unauthorized scripts outside of their control sphere. This poses a risk by potentially enabling malicious actors to execute scripts on the system, leading to escalated privileges and other security concerns. The affected versions include IBM Security Verify Access 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0. Users and administrators are urged to apply patches promptly to safeguard their systems.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.9.0 IF2

Security Verify Access Appliance 11.0.0.0 <= 11.0.1.0

Security Verify Access Docker 10.0.0.0 <= 10.0.9.0 IF2

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-36355 : Remote Code Execution Vulnerability in IBM Security Verify Access