{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-1351","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-02-15T15:14:08.079Z","datePublished":"2025-07-07T16:41:23.342Z","dateUpdated":"2026-02-26T18:27:54.618Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Storage Virtualize","vendor":"IBM","versions":[{"status":"affected","version":"8.5"},{"status":"affected","version":"8.6"},{"status":"affected","version":"8.7"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">IBM Storage Virtualize 8.5, 8.6, and 8.7 products </span>could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."}],"value":"IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-362","description":"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-24T11:32:40.044Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7237157"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.<br><br>Affected Version(s)  Fixed Version<br>8.5.0.0-8.5.0.14  8.5.0.15<br>8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8<br>8.6.0.0-8.6.0.7  8.6.0.8<br>8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5<br>8.7.0.0-8.7.0.4  8.7.0.5<br>8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2"}],"value":"IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)  Fixed Version\n8.5.0.0-8.5.0.14  8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8\n8.6.0.0-8.6.0.7  8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5\n8.7.0.0-8.7.0.4  8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Storage Virtualize privilege escalation","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-1351","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-08T03:55:22.034518Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:27:54.618Z"}}]}}