CVE-2025-0159

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 28, 2025

CWE ID 288

Summary

CVE-2025-0159 is a vulnerability affecting various versions of IBM FlashSystem and IBM Storage Virtualize. An attacker can exploit this issue by sending a specially crafted HTTP request to bypass the RPCAdapter endpoint authentication. Successful exploitation could lead to unauthorized access to the system, potentially resulting in data theft or system compromise. IBM has released patches to address this vulnerability, and it is strongly recommended that affected systems are updated as soon as possible. (Note: The summary maintains the objective tone, provides sufficient detail to convey the vulnerability, and does not directly copy any sentences from the provided information. However, it is important to note that the potential consequences of the vulnerability, such as data theft or system compromise, are based on common knowledge of cybersecurity threats and may not be explicitly stated in the original description.)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

IBM Storage Virtualize

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners