CVE-2025-1351 (GCVE-0-2025-1351)
Vulnerability from cvelistv5
Published
2025-07-07 16:41
Modified
2025-07-11 13:30
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
References
Impacted products
Vendor Product Version
IBM Storage Virtualize Version: 8.5, 8.6, 8.7
    cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T03:55:22.034518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:30:31.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Storage Virtualize",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.5, 8.6, 8.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
            }
          ],
          "value": "IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T16:41:23.342Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7237157"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s)  Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14  8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7  8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4  8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2"
            }
          ],
          "value": "IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\n\nAffected Version(s)  Fixed Version\n8.5.0.0-8.5.0.14  8.5.0.15\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8\n8.6.0.0-8.6.0.7  8.6.0.8\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5\n8.7.0.0-8.7.0.4  8.7.0.5\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Virtualize privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-1351",
    "datePublished": "2025-07-07T16:41:23.342Z",
    "dateReserved": "2025-02-15T15:14:08.079Z",
    "dateUpdated": "2025-07-11T13:30:31.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-1351\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-07-07T17:15:27.693\",\"lastModified\":\"2025-08-14T00:57:24.720\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.\"},{\"lang\":\"es\",\"value\":\"Los productos IBM Storage Virtualize 8.5, 8.6 y 8.7 podr\u00edan permitir que un usuario aumente sus privilegios a los de otro usuario que inicie sesi\u00f3n al mismo tiempo debido a una condici\u00f3n de ejecuci\u00f3n en la funci\u00f3n de inicio de sesi\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:storage_virtualize:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1BFB3D4-E523-43F7-A809-EDBA520EFF06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42E2161E-7444-43FE-BA82-DA2103104A5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:storage_virtualize:8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9974C055-7EE5-42ED-9998-9A8F1ABBE78E\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7237157\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1351\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-08T03:55:22.034518Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T13:24:56.329Z\"}}], \"cna\": {\"title\": \"IBM Storage Virtualize privilege escalation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:storage_virtualize:8.5.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.0.14:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.3.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.5.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.0.7:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.6.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.7.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.7.2.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.7.2.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.7.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:storage_virtualize:8.7.3.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Storage Virtualize\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5, 8.6, 8.7\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\\n\\nAffected Version(s)  Fixed Version\\n8.5.0.0-8.5.0.14  8.5.0.15\\n8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8\\n8.6.0.0-8.6.0.7  8.6.0.8\\n8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5\\n8.7.0.0-8.7.0.4  8.7.0.5\\n8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, V5100 and V5000E, IBM FlashSystem 5000, 5100, 5200 and 5300, IBM FlashSystem 7200 and 7300, IBM FlashSystem 9100, 9200 and 9500 and IBM Storage Virtualize for Public Cloud to the code levels in the following table or higher using the download links for each product below the table.\u003cbr\u003e\u003cbr\u003eAffected Version(s)  Fixed Version\u003cbr\u003e8.5.0.0-8.5.0.14  8.5.0.15\u003cbr\u003e8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0  8.6.0.8\u003cbr\u003e8.6.0.0-8.6.0.7  8.6.0.8\u003cbr\u003e8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0  8.7.0.5\u003cbr\u003e8.7.0.0-8.7.0.4  8.7.0.5\u003cbr\u003e8.7.1.0, 8.7.2.0-8.7.2.1 8.7.3.0-8.7.3.1  8.7.3.2\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7237157\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIBM Storage Virtualize 8.5, 8.6, and 8.7 products \u003c/span\u003ecould allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-07-07T16:41:23.342Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-1351\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-11T13:30:31.536Z\", \"dateReserved\": \"2025-02-15T15:14:08.079Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-07-07T16:41:23.342Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.