{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0160", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-12-31T19:09:08.170Z", "datePublished": "2025-02-28T19:02:50.019Z", "dateUpdated": "2025-02-28T19:50:37.531Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Storage Virtualize", "vendor": "IBM", "versions": [{"lessThanOrEqual": "8.5.0.13", "status": "affected", "version": "8.5.0.0", "versionType": "semver"}, {"status": "affected", "version": "8.5.1.0"}, {"lessThanOrEqual": "8.5.2.3", "status": "affected", "version": "8.5.2.0", "versionType": "semver"}, {"lessThanOrEqual": "8.5.3.1", "status": "affected", "version": "8.5.3.0", "versionType": "semver"}, {"status": "affected", "version": "8.5.4.0"}, {"lessThanOrEqual": "8.6.0.5", "status": "affected", "version": "8.6.0.0", "versionType": "semver"}, {"status": "affected", "version": "8.6.1.0"}, {"lessThanOrEqual": "8.6.2.1", "status": "affected", "version": "8.6.2.0", "versionType": "semver"}, {"status": "affected", "version": "8.6.3.0"}, {"status": "affected", "version": "8.7.1.0"}, {"lessThanOrEqual": "8.7.2.1", "status": "affected", "version": "8.7.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}], "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114 Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-02-28T19:02:50.019Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7184182"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM FlashSystem code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-28T19:50:26.610723Z", "id": "CVE-2025-0160", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T19:50:37.531Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0160", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-12-31T19:09:08.170Z", "datePublished": "2025-02-28T19:02:50.019Z", "dateUpdated": "2025-02-28T19:50:37.531Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Storage Virtualize", "vendor": "IBM", "versions": [{"lessThanOrEqual": "8.5.0.13", "status": "affected", "version": "8.5.0.0", "versionType": "semver"}, {"status": "affected", "version": "8.5.1.0"}, {"lessThanOrEqual": "8.5.2.3", "status": "affected", "version": "8.5.2.0", "versionType": "semver"}, {"lessThanOrEqual": "8.5.3.1", "status": "affected", "version": "8.5.3.0", "versionType": "semver"}, {"status": "affected", "version": "8.5.4.0"}, {"lessThanOrEqual": "8.6.0.5", "status": "affected", "version": "8.6.0.0", "versionType": "semver"}, {"status": "affected", "version": "8.6.1.0"}, {"lessThanOrEqual": "8.6.2.1", "status": "affected", "version": "8.6.2.0", "versionType": "semver"}, {"status": "affected", "version": "8.6.3.0"}, {"status": "affected", "version": "8.7.1.0"}, {"lessThanOrEqual": "8.7.2.1", "status": "affected", "version": "8.7.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}], "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114 Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-02-28T19:02:50.019Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7184182"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM FlashSystem code execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0160", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-28T19:50:26.610723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T19:50:31.852Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service."}], "id": "CVE-2025-0160", "lastModified": "2025-02-28T19:15:36.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-02-28T19:15:36.393", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7184182"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-114"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}