CVE-2025-0159: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

, and Dark Web Informer - Cyber Threat Intelligence

28 February 2025 . 8:34 PM

1 min read

🚨 Critical Security Vulnerability
🆔 CVE-2025-0159
💣 CVSS Score: 9.1
📅 Published Date: 2025-02-28

⚠️ Details: IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

🛠 References:
🔗 NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-0159
🔗 IBM: https://www.ibm.com/support/pages/node/7184182