{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36120","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:18.171Z","datePublished":"2025-08-18T13:39:41.381Z","dateUpdated":"2026-02-26T17:48:30.436Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:storage_virtualize:8.4:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*","cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Storage Virtualize","vendor":"IBM","versions":[{"status":"affected","version":"8.4"},{"status":"affected","version":"8.5"},{"status":"affected","version":"8.6"},{"status":"affected","version":"8.7"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."}],"value":"IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-18T13:39:41.381Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7240796"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.</p><div><table><tbody><tr><td>Affected Version(s)</td><td>Fixed Version</td></tr><tr><td>8.4.0.0-8.4.0.17</td><td>8.4.0.18</td></tr><tr><td>8.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.1</td><td>8.5.0.16</td></tr><tr><td>8.5.0.0-8.5.0.15</td><td>8.5.0.16</td></tr><tr><td>8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0</td><td>8.6.0.9</td></tr><tr><td>8.6.0.0-8.6.0.8</td><td>8.6.0.9</td></tr><tr><td>8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0</td><td>8.7.0.6</td></tr><tr><td>8.7.0.0-8.7.0.5</td><td>8.7.0.6</td></tr><tr><td>8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.2</td><td>8.7.3.3</td></tr></tbody></table></div>\n\n<br>"}],"value":"IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)Fixed Version8.4.0.0-8.4.0.178.4.0.188.4.1.0, 8.4.2.0-8.4.2.1, 8.4.3.18.5.0.168.5.0.0-8.5.0.158.5.0.168.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.08.6.0.98.6.0.0-8.6.0.88.6.0.98.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.08.7.0.68.7.0.0-8.7.0.58.7.0.68.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.28.7.3.3"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Storage Virtualize privilege escalation","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-36120","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-19T03:55:31.886479Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:48:30.436Z"}}]}}