CVE-2025-0160

Published Feb 28, 2025

Last updated a month ago

CVSS high 8.1

Overview

Description
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@us.ibm.com
CWE-114

Social media

Hype score
Not currently trending

  1. IBM has patched critical flaws (CVE-2025-0159 & CVE-2025-0160) in FlashSystem, SAN Volume Controller & other storage products. Authentication bypass and RCE risks require immediate updates. Check your versions now. #Cybersecurity https://t.co/y6ad4xZDTW

    @RedTeamNewsBlog

    24 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical IBM Storage Virtualize Vulnerabilities Allow Remote Code Execution Two severe vulnerabilities (CVE-2025-0159 & CVE-2025-0160) allow authentication bypass & remote code execution on IBM storage systems. ⚠️ https://t.co/A9vpAS9EpD https://t.co/8v99mbgBg7

    @threatsbank

    5 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical vulnerabilities (CVE-2025-0159 & CVE-2025-0160) in IBM Storage Virtualize allow authentication bypass & code execution. CVSS scores: 9.1 & 8.1. Upgrade systems to mitigate risks. 🔒💻 #IBM #DataSecurity #USA link: https://t.co/FVI6VWIgpQ https://t.co/pACByny

    @TweetThreatNews

    4 Mar 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️ Vulnerability Alert: IBM Storage Virtualize Flaws Allow Remote Code Execution 📅 Timeline: Disclosure: 2025-03-04, Patch: 2025-03-04 📌 Attribution: 🆔cveId: CVE-2025-0159, CVE-2025-0160 📊baseScore: 9.1 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H… https://

    @syedaquib77

    4 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Warning: @IBM patched two critical vulnerabilities in IBM Storage Virtualize products (CVE-2025-0159, CVSS 9.1; CVE-2025-0160 CVSS 8.1). The vulnerabilities could allow authentication bypass and arbitrary code execution. IBM advisory: https://t.co/1ZuUfBvSDv #Patch #Patch #Patch

    @CCBalert

    3 Mar 2025

    246 Impressions

    1 Retweet

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. 🚨 CVE-2025-0160 🔴 HIGH (8.1) 🏢 IBM - Storage Virtualize 🏗️ 8.5.0.0 🔗 https://t.co/rAq9XRZDm9 #CyberCron #VulnAlert #InfoSec @IBM https://t.co/2yP4WjQMhh

    @cybercronai

    2 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. �� CVE-2025-0160 - IBM FlashSystem - HIGH 🚨 🗓️ Date published 2025-02-28 19:15:36 UTC #IBMFlashSystem #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/0GXaE5c7VF

    @vulns_space

    28 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References