AI description
CVE-2025-0159 is an authentication bypass vulnerability affecting the RPCAdapter endpoint in IBM Storage Virtualize products. A remote attacker can exploit this flaw by sending a specially crafted HTTP request, bypassing authentication mechanisms and gaining unauthorized access to administrative functions. This vulnerability affects the graphical user interface (GUI) components of various IBM storage product lines, including SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem. IBM has acknowledged this vulnerability and assigned it a CVSS base score of 9.1. The vulnerability stems from improper authentication mechanisms within the RPCAdapter, allowing attackers to circumvent credential checks despite lacking valid tokens or certificates. Exploiting this vulnerability could allow an attacker to gain unauthorized access to sensitive data and potentially control the affected storage systems.
- Description: IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1)) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
- Source: psirt@us.ibm.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-288
- Hype score: Not currently trending
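Critical IBM Storage vulnerabilities CVE-2025-0159/0160 fixed: risk of authentication bypass and RCE https://t.co/sXrjo2cSgA IBM Storage has authentication bypass and RCE vulnerabilities. The CVSS scores are 9.1 and 8.1 respectively, and both are serious vulnerabilities. Teams using these products should take note. #Cloud #CVE20250159 #CVE20250160… https://t.co/ZBLoE3gL9N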
@iototsecnews
11 Mar 2025
CVE-2025-0159 (CVSS:9.1, CRITICAL) is Awaiting Analysis. IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5..https://t.co/GRVjyhEtLF #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 Mar 2025
Critical IBM Storage Virtualize Vulnerabilities Allow Remote Code Execution Two severe vulnerabilities (CVE-2025-0159 & CVE-2025-0160) allow authentication bypass & remote code execution on IBM storage systems. ⚠️ https://t.co/A9vpAS9EpD https://t.co/8v99mbgBg7
@threatsbank
5 Mar 2025
Critical vulnerabilities (CVE-2025-0159 & CVE-2025-0160) in IBM Storage Virtualize allow authentication bypass & code execution. CVSS scores: 9.1 & 8.1. Upgrade systems to mitigate risks. 🔒💻 #IBM #DataSecurity #USA link: https://t.co/FVI6VWIgpQ https://t.co/pACByny
@TweetThreatNews
4 Mar 2025
⚠️ Vulnerability Alert: IBM Storage Virtualize Flaws Allow Remote Code Execution 📅 Timeline: Disclosure: 2025-03-04, Patch: 2025-03-04 📌 Attribution: 🆔cveId: CVE-2025-0159, CVE-2025-0160 📊baseScore: 9.1 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https://
@syedaquib77
4 Mar 2025
⚠️ Vulnerability Alert: Critical IBM Storage Flaw Allows Authentication Bypass 📅 Timeline: Disclosure: 2025-02-28 🆔cveId: CVE-2025-0159 📊baseScore: 9.1 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvssSeverity: Critical 🔴 🛠️exploitMaturity: Not Available…
@syedaquib77
4 Mar 2025
CVE-2025-0159 (CVSS 9.1): Critical IBM Storage Flaw Allows Authentication Bypass Learn about CVE-2025-0159, a critical vulnerability in IBM Storage Virtualize products that allows authentication bypass. https://t.co/H7JsoaJeL7
@the_yellow_fall
4 Mar 2025
Warning: @IBM patched two critical vulnerabilities in IBM Storage Virtualize products (CVE-2025-0159, CVSS 9.1; CVE-2025-0160 CVSS 8.1). The vulnerabilities could allow authentication bypass and arbitrary code execution. IBM advisory: https://t.co/1ZuUfBvSDv #Patch #Patch #Patch
@CCBalert
3 Mar 2025
🚨 CVE-2025-0159 ⚠️🔴 CRITICAL (9.1) 🏢 IBM - Storage Virtualize 🏗️ 8.5.0.0 🔗 https://t.co/rAq9XRZDm9 #CyberCron #VulnAlert #InfoSec @IBM https://t.co/mXUlsOUVZT
@cybercronai
2 Mar 2025
⚠️ Vulnerability Alert: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products 📅 Timeline: Disclosure: 2025-02-28 | Patch: Not available 📌 Attribution: IBM Corporation 🆔 cveId: CVE-2025-0159 📊… https://
@syedaquib77
1 Mar 2025
CVE-2025-0159 - IBM FlashSystem - HIGH 🚨 🗓️ Date published 2025-02-28 19:15:36 UTC #IBMFlashSystem #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/M0IvHyWs6H
@vulns_space
28 Feb 2025
[CVE-2025-0159: CRITICAL] Vulnerability in IBM FlashSystem could let remote attackers bypass authentication. Update to versions 8.5.0.14, 8.5.1.1, 8.5.2.5, 8.5.3.2, 8.5.4.1, 8.6.0.6, 8.6.1.1, 8.6.2.2, 8.6.3.1, 8.7...#cybersecurity,#vulnerability https://t.co/i7QU8mh0es https://t.
@CveFindCom
28 Feb 2025