Severe Security Vulnerabilities in IBM Storage Virtualize

IBM Storage Virtualize is affected by two critical security vulnerabilities, CVE-2025-0159 and CVE-2025-0160, in the GUI of many IBM Storage Virtualize products, posing significant risks to data security and system integrity. These vulnerabilities impact multiple versions of IBM FlashSystem, IBM SAN Volume Controller, and the IBM Storwize series, potentially allowing unauthorized access and remote code execution.

Technical Description

CVE-2025-0159
This is an authentication bypass vulnerability in the RPCAdapter endpoint, which allows remote attackers to gain unauthorized access by sending specially crafted HTTP requests. The flaw exists due to poor authentication mechanisms within the service, making it possible for an attacker to bypass security controls. This vulnerability has been assigned a CVSS score of 9.1, categorizing it as critical.

CVE-2025-0160
This is a remote code execution (RCE) vulnerability that permits attackers with access to the system to execute arbitrary Java code. The issue arises from poor input validation within the RPCAdapter service, allowing attackers to inject and run malicious code. This vulnerability has a CVSS score of 8.1, indicating high severity.

Administrators are required to download updates through IBM’s Fix Central portal, where platform-specific patches for FlashSystem (5000/5200/7200/9500) and SAN Volume Controller nodes are available. Because no effective workarounds exist, patching is urgent. Although network segmentation and firewall rules could help reduce exposure, IBM emphasizes that patching is the only reliable and definitive solution for mitigating the vulnerabilities.

Impact

If exploited, these vulnerabilities could allow attackers to bypass security mechanisms, gain unauthorized system access, execute arbitrary commands and compromise sensitive data. This could lead to operational disruptions, data breaches and further exploitation of affected networks. 

Affected Versions

  • 8.5.2.0 to 8.5.2.3
  • 8.6.3.0
  • 8.7.0.0 to 8.7.0.2
  • 8.7.1.0
  • 8.5.3.0 to 8.5.3.1
  • 8.5.4.0
  • 8.6.0.0 to 8.6.0.5
  • 8.6.1.0
  • 8.5.0.0 to 8.5.0.13
  • 8.5.1.0
  • 8.6.2.0 to 8.6.2.1
  • 8.7.2.0 to 8.7.2.1
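
A check of inventory code levels against the ranges listed above, as an added example that is not from IBM or the original advisory. The system names, the sample inventory, and the input format (a four-part version optionally followed by build text) are assumptions.

```python
import re

# Affected code-level ranges as listed in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ("8.5.0.0", "8.5.0.13"), ("8.5.1.0", "8.5.1.0"), ("8.5.2.0", "8.5.2.3"),
    ("8.5.3.0", "8.5.3.1"), ("8.5.4.0", "8.5.4.0"), ("8.6.0.0", "8.6.0.5"),
    ("8.6.1.0", "8.6.1.0"), ("8.6.2.0", "8.6.2.1"), ("8.6.3.0", "8.6.3.0"),
    ("8.7.0.0", "8.7.0.2"), ("8.7.1.0", "8.7.1.0"), ("8.7.2.0", "8.7.2.1"),
]

def parse_version(text):
    """Read the leading four-part version; trailing build text is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s|$)", text)
    if not m:
        raise ValueError(f"expected a four-part numeric version, got {text!r}")
    # Integer tuples compare numerically, so 8.5.0.9 < 8.5.0.13 (a plain
    # string comparison would order them the other way round).
    return tuple(int(g) for g in m.groups())

def is_affected(level):
    v = parse_version(level)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Group system names by whether their code level is in a listed range."""
    report = {"affected": [], "not_listed": [], "unparsed": []}
    for name, level in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(level) else "not_listed"
        except ValueError:
            key = "unparsed"  # needs a manual look, never assume it is fine
        report[key].append(name)
    return report

# Constructed sample inventory (hypothetical names and code levels).
SAMPLE_INVENTORY = {
    "fs9500-prod-a": "8.5.0.9 (build 0.0.0)",
    "svc-dr-1": "8.6.0.6",
    "fs5200-lab": "8.7.2.1",
    "fs7200-edge": "8.5.0.14",
    "v7000-old": "unknown",
}

if __name__ == "__main__":
    for group, names in triage(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

A system reported as "not_listed" is only outside the ranges on this page; confirm its status against IBM's bulletin before treating it as patched.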

IOC and Context Details

Topics                  Details
Tactic Name             Initial Access, Execution
Technique Name          Exploitation for Initial Access, Exploitation for Client Execution
Sub Technique Name      Web Application Exploit, Application Exploit
Attack Type             Authentication Bypass & Remote Code Execution (RCE)
Targeted Applications   IBM Storage Virtualize
Region Impacted         Global
Industry Impacted       All
IOCs                    NA
CVE                     CVE-2025-0159, CVE-2025-0160

Recommended Actions

  • Software Updates: Upgrade your IBM Storage Virtualize to a secure version beyond the listed vulnerable releases. Regularly monitor IBM for security patches and apply them without delay.
  • Network Segmentation: Restrict network access to affected systems by placing them in a segmented environment, minimizing exposure to potential threats.
  • Access Management: Enforce strict access controls to ensure that only authorized personnel can configure and manage the affected systems.
  • Incident Detection: Implement continuous monitoring tools to quickly identify and respond to any suspicious activity.
