CVE-2025-0159: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

, and Dark Web Informer

February 28, 2025 . 8:34 PM

1 min read

🚨 Critical Security Vulnerability
🆔 CVE-2025-0159
💣 CVSS Score: 9.1
📅 Published Date: 2025-02-28

⚠️ Details: IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

🛠 References:
🔗 NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-0159
🔗 IBM: https://www.ibm.com/support/pages/node/7184182