CVE-2025-0159

Published Feb 28, 2025

Last updated 16 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0159 is an authentication bypass vulnerability affecting the RPCAdapter endpoint in IBM Storage Virtualize products. A remote attacker can exploit this flaw by sending a specially crafted HTTP request, bypassing authentication mechanisms and gaining unauthorized access to administrative functions. This vulnerability affects the graphical user interface (GUI) components of various IBM storage product lines, including SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem. IBM has acknowledged this vulnerability and assigned it a CVSS base score of 9.1. The vulnerability stems from improper authentication mechanisms within the RPCAdapter, allowing attackers to circumvent credential checks despite lacking valid tokens or certificates. Exploiting this vulnerability could allow an attacker to gain unauthorized access to sensitive data and potentially control the affected storage systems.

Description
IBM FlashSystem (IBM Storage Virtualize) 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.
Source: psirt@us.ibm.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

psirt@us.ibm.com: CWE-288

Social media

Hype score
Not currently trending
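  1. Critical IBM Storage vulnerabilities CVE-2025-0159/0160 fixed: risk of authentication bypass and RCE https://t.co/sXrjo2cSgA IBM Storage has authentication bypass and RCE vulnerabilities. Their CVSS scores are 9.1 and 8.1 respectively, and both are serious vulnerabilities. Teams using it should take care. #Cloud #CVE20250159 #CVE20250160… https://t.co/ZBLoE3gL9N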

    @iototsecnews

    11 Mar 2025


  2. CVE-2025-0159 (CVSS:9.1, CRITICAL) is Awaiting Analysis. IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5..https://t.co/GRVjyhEtLF #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    5 Mar 2025


  3. Critical IBM Storage Virtualize Vulnerabilities Allow Remote Code Execution Two severe vulnerabilities (CVE-2025-0159 & CVE-2025-0160) allow authentication bypass & remote code execution on IBM storage systems. ⚠️ https://t.co/A9vpAS9EpD https://t.co/8v99mbgBg7

    @threatsbank

    5 Mar 2025


  4. Critical vulnerabilities (CVE-2025-0159 & CVE-2025-0160) in IBM Storage Virtualize allow authentication bypass & code execution. CVSS scores: 9.1 & 8.1. Upgrade systems to mitigate risks. 🔒💻 #IBM #DataSecurity #USA link: https://t.co/FVI6VWIgpQ https://t.co/pACByny

    @TweetThreatNews

    4 Mar 2025


  5. ⚠️ Vulnerability Alert: IBM Storage Virtualize Flaws Allow Remote Code Execution 📅 Timeline: Disclosure: 2025-03-04, Patch: 2025-03-04 📌 Attribution: 🆔cveId: CVE-2025-0159, CVE-2025-0160 📊baseScore: 9.1 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https://

    @syedaquib77

    4 Mar 2025


  6. ⚠️ Vulnerability Alert: Critical IBM Storage Flaw Allows Authentication Bypass 📅 Timeline: Disclosure: 2025-02-28 🆔cveId: CVE-2025-0159 📊baseScore: 9.1 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvssSeverity: Critical 🔴 🛠️exploitMaturity: Not Available…

    @syedaquib77

    4 Mar 2025


  7. CVE-2025-0159 (CVSS 9.1): Critical IBM Storage Flaw Allows Authentication Bypass Learn about CVE-2025-0159, a critical vulnerability in IBM Storage Virtualize products that allows authentication bypass. https://t.co/H7JsoaJeL7

    @the_yellow_fall

    4 Mar 2025


  8. Warning: @IBM patched two critical vulnerabilities in IBM Storage Virtualize products (CVE-2025-0159, CVSS 9.1; CVE-2025-0160 CVSS 8.1). The vulnerabilities could allow authentication bypass and arbitrary code execution. IBM advisory: https://t.co/1ZuUfBvSDv #Patch #Patch #Patch

    @CCBalert

    3 Mar 2025


  9. 🚨 CVE-2025-0159 ⚠️🔴 CRITICAL (9.1) 🏢 IBM - Storage Virtualize 🏗️ 8.5.0.0 🔗 https://t.co/rAq9XRZDm9 #CyberCron #VulnAlert #InfoSec @IBM https://t.co/mXUlsOUVZT

    @cybercronai

    2 Mar 2025


  10. ⚠️ Vulnerability Alert: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize, and IBM FlashSystem products 📅 Timeline: Disclosure: 2025-02-28 | Patch: Not available 📌 Attribution: IBM Corporation 🆔 cveId: CVE-2025-0159 📊… https://

    @syedaquib77

    1 Mar 2025


  11. CVE-2025-0159 - IBM FlashSystem - HIGH 🚨 🗓️ Date published 2025-02-28 19:15:36 UTC #IBMFlashSystem #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/M0IvHyWs6H

    @vulns_space

    28 Feb 2025


  12. [CVE-2025-0159: CRITICAL] Vulnerability in IBM FlashSystem could let remote attackers bypass authentication. Update to versions 8.5.0.14, 8.5.1.1, 8.5.2.5, 8.5.3.2, 8.5.4.1, 8.6.0.6, 8.6.1.1, 8.6.2.2, 8.6.3.1, 8.7...#cybersecurity,#vulnerability https://t.co/i7QU8mh0es https://t.

    @CveFindCom

    28 Feb 2025
