{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1351", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-02-15T15:14:08.079Z", "datePublished": "2025-07-07T16:41:23.342Z", "dateUpdated": "2025-08-24T11:32:40.044Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Storage Virtualize", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.5"}, {"status": "affected", "version": "8.6"}, {"status": "affected", "version": "8.7"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Storage Virtualize 8.5, 8.6, and 8.7 products </span>could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."}], "value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-24T11:32:40.044Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7237157"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.<br><br>Affected Version(s) Fixed Version<br>8.5.0.0-8.5.0.14 8.5.0.15<br>8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8<br>8.6.0.0-8.6.0.7 8.6.0.8<br>8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5<br>8.7.0.0-8.7.0.4 8.7.0.5<br>8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"}], "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Storage Virtualize privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-08T03:55:22.034518Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:30:31.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-08T03:55:22.034518Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:24:56.329Z"}}], "cna": {"title": "IBM Storage Virtualize privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Storage Virtualize", "versions": [{"status": "affected", "version": "8.5"}, {"status": "affected", "version": "8.6"}, {"status": "affected", "version": "8.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s) Fixed Version\n8.5.0.0-8.5.0.14 8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8\n8.6.0.0-8.6.0.7 8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5\n8.7.0.0-8.7.0.4 8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2", "supportingMedia": [{"type": "text/html", "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.<br><br>Affected Version(s) Fixed Version<br>8.5.0.0-8.5.0.14 8.5.0.15<br>8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 8.6.0.8<br>8.6.0.0-8.6.0.7 8.6.0.8<br>8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 8.7.0.5<br>8.7.0.0-8.7.0.4 8.7.0.5<br>8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1 8.7.3.2", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7237157", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Storage Virtualize 8.5, 8.6, and 8.7 products </span>could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-24T11:32:40.044Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1351", "state": "PUBLISHED", "dateUpdated": "2025-08-24T11:32:40.044Z", "dateReserved": "2025-02-15T15:14:08.079Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-07T16:41:23.342Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1BFB3D4-E523-43F7-A809-EDBA520EFF06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "9974C055-7EE5-42ED-9998-9A8F1ABBE78E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."}, {"lang": "es", "value": "Los productos IBM Storage Virtualize 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario aumente sus privilegios a los de otro usuario que inicie sesi\u00f3n al mismo tiempo debido a una condici\u00f3n de ejecuci\u00f3n en la funci\u00f3n de inicio de sesi\u00f3n."}], "id": "CVE-2025-1351", "lastModified": "2025-08-14T00:57:24.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-07T17:15:27.693", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7237157"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}