IBM has disclosed two serious vulnerabilities in IBM Storage Virtualize, CVE-2025-0159 and CVE-2025-0160, both located in the product's web-based graphical user interface (GUI). They affect multiple code levels of IBM FlashSystem, IBM SAN Volume Controller and IBM Storwize systems and, together, allow a remote attacker to bypass authentication and execute arbitrary code on the affected system, putting stored data and system integrity at risk.
CVE-2025-0159
This is an authentication bypass in the RPCAdapter endpoint of the GUI. A remote attacker who can reach the management interface can send a specially crafted HTTP request and obtain access without valid credentials, because the service's authentication checks are inadequate. The vulnerability carries a CVSS base score of 9.1, which places it in the critical range.
CVE-2025-0160
This is a remote code execution (RCE) vulnerability that allows an attacker to execute arbitrary Java code through the RPCAdapter service, owing to insufficient validation of the input the service accepts. On its own it carries a CVSS base score of 8.1 (high); combined with CVE-2025-0159, which removes the authentication barrier in front of the same service, it gives an unauthenticated attacker code execution on the system.
Fixed code levels are available from IBM's Fix Central portal, with platform-specific packages for FlashSystem 5000/5200/7200/9500 systems and for SAN Volume Controller nodes. No workaround exists, which makes prompt patching all the more urgent. Network segmentation and firewall rules that limit which hosts can reach the GUI management interface reduce exposure in the meantime, but IBM states that upgrading to a fixed level is the only reliable and definitive remediation.
If exploited, these vulnerabilities allow an attacker to bypass the GUI's security controls, gain unauthorized access to the system, execute arbitrary commands and compromise the data it holds. The consequences range from operational disruption and data breaches to the use of the compromised storage system as a foothold for further attacks on the surrounding network.
Affected Versions
The full list of affected code levels and the corresponding fix levels is in IBM's security bulletin: https://www.ibm.com/support/pages/node/7184182