Critical Vulnerabilities in IBM Storage Virtualize: Exploitation Risks and Mitigation Strategies

IBM Storage Virtualize Vulnerabilities Exploitation Report


Executive Summary

Significant vulnerabilities have been identified in IBM Storage Virtualize products, specifically affecting the graphical user interface (GUI). These vulnerabilities, designated CVE-2025-0160 and CVE-2025-0159, present substantial risks, including authentication bypass and arbitrary code execution. While the command-line interface (CLI) remains unaffected, the severity of these vulnerabilities necessitates immediate attention and action. The financial services and government sectors are particularly vulnerable due to their reliance on IBM's storage solutions. Immediate mitigation and vigilant monitoring are recommended to protect sensitive data and infrastructure integrity.

Technical Information

The vulnerabilities in IBM Storage Virtualize products are critical and affect versions from 8.5.0.0 to 8.7.2.1. CVE-2025-0160 allows remote attackers to execute arbitrary Java code by exploiting inadequate restrictions in the RPCAdapter service. Classified under CWE-114: Process Control, this vulnerability poses a high risk with a CVSS score of 8.1. The attack vector is network-based, with high attack complexity and no user interaction required, making it a potent threat if exploited.

CVE-2025-0159 is even more severe, enabling attackers to bypass RPCAdapter endpoint authentication through a specially crafted HTTP request. This vulnerability is classified as CWE-288: Authentication Bypass Using an Alternate Path or Channel and carries a CVSS score of 9.1. Its low attack complexity and lack of authentication requirements heighten its potential for widespread exploitation. Both vulnerabilities compromise confidentiality, integrity, and availability, underscoring the necessity for immediate patch implementation.

Exploitation in the Wild

Currently, there are no publicly available exploits or documented cases of these vulnerabilities being leveraged by Advanced Persistent Threat (APT) groups. However, given the critical nature of CVE-2025-0159, the potential for exploitation is high. Organizations are strongly advised to monitor network traffic for anomalous behavior indicative of exploitation attempts and to apply patches without delay to safeguard against emerging threats.

APT Groups using this vulnerability

At this time, no specific APT groups have been identified as exploiting these vulnerabilities. Nonetheless, entities engaged in cyber-espionage that target the financial and governmental sectors may soon seek to exploit these weaknesses. Continuous threat intelligence monitoring is recommended to identify any emerging threats.

Affected Product Versions

The vulnerabilities affect the following IBM Storage Virtualize versions: 8.5.0.0 to 8.5.0.13, 8.5.1.0, 8.5.2.0 to 8.5.2.3, 8.5.3.0 to 8.5.3.1, 8.5.4.0, 8.6.0.0 to 8.6.0.5, 8.6.1.0, 8.6.2.0 to 8.6.2.1, 8.6.3.0, 8.7.0.0 to 8.7.0.2, 8.7.1.0, and 8.7.2.0 to 8.7.2.1. Users of these versions should prioritize upgrading to mitigated versions.

Workaround and Mitigation

IBM has released patches to address these vulnerabilities. Organizations should upgrade to IBM Storage Virtualize 8.5.0.14, 8.6.0.6, 8.7.0.3, or 8.7.2.2 or higher. Beyond patching, best practices include regularly updating storage systems, monitoring IBM advisories for new vulnerabilities, and implementing network segmentation to restrict exposure. Additionally, ensuring robust access controls and employing intrusion detection systems can mitigate potential threats.
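To triage an inventory against the version list and fixed levels above, the following added example (not IBM's or Rescana's code) compares four-part code levels numerically. The system names are hypothetical, and choosing the lowest fixed level above the installed one as the upgrade target is an assumption, not guidance from the advisory.

```python
# Ranges and fixed levels are copied from this page's "Affected Product
# Versions" and "Workaround and Mitigation" sections.
AFFECTED = [
    ("8.5.0.0", "8.5.0.13"), ("8.5.1.0", "8.5.1.0"), ("8.5.2.0", "8.5.2.3"),
    ("8.5.3.0", "8.5.3.1"), ("8.5.4.0", "8.5.4.0"), ("8.6.0.0", "8.6.0.5"),
    ("8.6.1.0", "8.6.1.0"), ("8.6.2.0", "8.6.2.1"), ("8.6.3.0", "8.6.3.0"),
    ("8.7.0.0", "8.7.0.2"), ("8.7.1.0", "8.7.1.0"), ("8.7.2.0", "8.7.2.1"),
]
FIXED = ["8.5.0.14", "8.6.0.6", "8.7.0.3", "8.7.2.2"]

def parse(level):
    """Turn '8.6.0.5' into (8, 6, 0, 5); reject anything not four-part numeric."""
    parts = level.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part code level: {level!r}")
    return tuple(int(p) for p in parts)

def is_affected(level):
    """True if the level falls inside any affected range (numeric compare)."""
    v = parse(level)
    return any(parse(lo) <= v <= parse(hi) for lo, hi in AFFECTED)

def upgrade_target(level):
    """Assumption: suggest the lowest fixed level above the installed one."""
    v = parse(level)
    higher = [f for f in FIXED if parse(f) > v]
    return min(higher, key=parse) if higher else None

def triage(inventory):
    """inventory: iterable of (system_name, code_level) -> list of findings."""
    findings = []
    for name, level in inventory:
        try:
            hit = is_affected(level)
        except ValueError:
            findings.append((name, level, "UNPARSED", None))
            continue
        findings.append((name, level, "AFFECTED" if hit else "not listed",
                         upgrade_target(level) if hit else None))
    return findings

if __name__ == "__main__":
    # Constructed inventory; system names are hypothetical.
    sample = [("svc-prod-01", "8.5.0.13"), ("svc-dr-01", "8.6.0.6"),
              ("fs-lab-02", "8.7.1.0"), ("fs-old-03", "8.4.0.9"), ("x", "8.6.x")]
    for row in triage(sample):
        print(*row, sep="\t")
```

A result of "not listed" means only that the level is absent from the ranges on this page; levels older than 8.5.0.0 should be checked against the IBM advisory directly.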

References

For further technical details, consult the following resources: IBM Support Page for Vulnerability, CVE-2025-0160 on NVD, CVE-2025-0159 on NVD.

Rescana is here for you

At Rescana, we specialize in Third Party Risk Management (TPRM), empowering organizations to proactively manage and mitigate risks associated with third-party software and systems. Our platform provides comprehensive visibility and insight into potential vulnerabilities and offers strategic guidance to enhance your cybersecurity posture. Should you have any questions regarding this report or need further assistance, please contact us at ops@rescana.com. We are committed to supporting your security needs.
