IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
Fixes

Solution

Storage Scale 5.2.2.0-5.2.2.1, IBM strongly recommends addressing the vulnerability by upgrading to 5.2.3.0 or later: https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&produ... https://www.ibm.com/support/fixcentral/swg/selectFixes


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77

Mon, 29 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-250

Tue, 12 Aug 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm storage Scale
CPEs cpe:2.3:a:ibm:storage_scale:5.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:storage_scale:5.2.2.1:*:*:*:*:*:*:*
Vendors & Products Ibm storage Scale

Mon, 12 May 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 10 May 2025 02:30:00 +0000

Type Values Removed Values Added
Description IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
Title IBM Storage Scale command injection
First Time appeared Ibm
Ibm spectrum Scale Container Native Storage Access
Weaknesses CWE-77
CPEs cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spectrum_scale_container_native_storage_access:5.2.1.1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm spectrum Scale Container Native Storage Access
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-29T15:33:16.069Z

Reserved: 2025-02-08T20:16:19.164Z

Link: CVE-2025-1137

cve-icon Vulnrichment

Updated: 2025-05-12T13:20:42.437Z

cve-icon NVD

Status : Modified

Published: 2025-05-10T03:15:22.720

Modified: 2025-09-29T16:15:37.637

Link: CVE-2025-1137

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.