Security Advisory:
Critical Vulnerabilities in IBM Storage: Authentication Bypass and Code Execution Risks
IBM has identified two vulnerabilities, CVE-2025-0159 (Critical) and CVE-2025-0160 (High), affecting the graphical user interface (GUI) components of its Storage Virtualize products. Chained together, they give a remote attacker unauthenticated administrative access and arbitrary code execution on the storage system.
OEM | IBM |
Severity | Critical |
CVSS | 9.1 |
CVEs | CVE-2025-0159, CVE-2025-0160 |
Exploited in Wild | No |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
These vulnerabilities allow a remote attacker to bypass authentication on the management GUI and then execute arbitrary code on the storage system, posing significant security risks to enterprise storage environments.
The affected products include IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000, IBM FlashSystem models, and IBM Storage Virtualize for Public Cloud. IBM has released fixed code levels for every affected release stream, and immediate remediation is strongly advised.
Vulnerability Name | CVE ID | Product Affected | Severity |
Authentication Bypass Vulnerability | CVE-2025-0159 | IBM Storage Virtualize (see affected systems below) | Critical |
Arbitrary Code Execution Vulnerability | CVE-2025-0160 | IBM Storage Virtualize (see affected systems below) | High |
Technical Summary
Both vulnerabilities originate from weaknesses in the RPCAdapter service, which handles system management communications for the GUI. CVE-2025-0159 allows a remote attacker to bypass authentication with a specially crafted HTTP request that exploits improper validation of session tokens, granting unauthorized access to administrative functions without valid credentials.
CVE-2025-0160 permits the execution of arbitrary Java code in the RPCAdapter service due to improper sandboxing and input validation. An attacker who reaches the service can deploy malicious payloads and take full control of the storage system; combined with the authentication bypass, this needs no legitimate account.
System Affected | CVE ID | Vulnerability Details | Impact |
IBM SAN Volume Controller; IBM Storwize V7000, V5000, V5100, V5000E; IBM FlashSystem 5000, 5100, 5200, 5300, 7200, 7300, 9100, 9200, 9500; IBM Storage Virtualize for Public Cloud | CVE-2025-0159 | Improper validation of session tokens allows unauthenticated access to RPCAdapter endpoints. | Unauthorized access to administrative functions |
Same systems as above | CVE-2025-0160 | Inadequate sandboxing and validation in the RPCAdapter service enable remote execution of arbitrary Java code. | Remote code execution and system compromise |
Remediation:
Affected Product(s) | Affected Version(s) | Fixed Version |
IBM Storage Virtualize | 8.5.0.0-8.5.0.13 | 8.5.0.14 |
IBM Storage Virtualize | 8.5.1.0, 8.5.2.0-8.5.2.3, 8.5.3.0-8.5.3.1, 8.5.4.0 | 8.6.0.6 |
IBM Storage Virtualize | 8.6.0.0-8.6.0.5 | 8.6.0.6 |
IBM Storage Virtualize | 8.6.1.0, 8.6.2.0-8.6.2.1, 8.6.3.0 | 8.7.0.3 |
IBM Storage Virtualize | 8.7.0.0-8.7.0.2 | 8.7.0.3 |
IBM Storage Virtualize | 8.7.1.0, 8.7.2.0-8.7.2.1 | 8.7.2.2 |
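Applying the table above by hand across a fleet is error-prone because code levels such as 8.5.0.13 and 8.5.0.2 sort wrongly as strings. The script below is an added example for this advisory, not IBM's tooling: it encodes the remediation ranges exactly as listed above, compares code levels numerically, and classifies each system. The function names and the inventory rows are ours; the inventory is constructed sample data standing in for whatever `lssystem`-style export a site keeps.

```python
"""Classify IBM Storage Virtualize code levels against the advisory's remediation table.

Added example for this advisory (not IBM code). The (low, high, fixed) rows
below are copied from the remediation table; everything else is our own.
"""
from typing import List, Optional, Tuple

Level = Tuple[int, int, int, int]

# (lowest affected level, highest affected level, fixed level), all inclusive,
# one row per contiguous range in the advisory's table.
AFFECTED_RANGES = [
    ("8.5.0.0", "8.5.0.13", "8.5.0.14"),
    ("8.5.1.0", "8.5.1.0", "8.6.0.6"),
    ("8.5.2.0", "8.5.2.3", "8.6.0.6"),
    ("8.5.3.0", "8.5.3.1", "8.6.0.6"),
    ("8.5.4.0", "8.5.4.0", "8.6.0.6"),
    ("8.6.0.0", "8.6.0.5", "8.6.0.6"),
    ("8.6.1.0", "8.6.1.0", "8.7.0.3"),
    ("8.6.2.0", "8.6.2.1", "8.7.0.3"),
    ("8.6.3.0", "8.6.3.0", "8.7.0.3"),
    ("8.7.0.0", "8.7.0.2", "8.7.0.3"),
    ("8.7.1.0", "8.7.1.0", "8.7.2.2"),
    ("8.7.2.0", "8.7.2.1", "8.7.2.2"),
]


def parse_level(level: str) -> Level:
    """'8.6.0.5' -> (8, 6, 0, 5). Numeric tuples compare correctly;
    plain string comparison would rank '8.5.0.13' below '8.5.0.2'."""
    parts = level.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected code level format: {level!r}")
    return tuple(int(p) for p in parts)  # type: ignore[return-value]


# Parsed once so the lookups below stay numeric.
_RANGES = [(parse_level(lo), parse_level(hi), fixed) for lo, hi, fixed in AFFECTED_RANGES]
_FIXED_LEVELS = {parse_level(fixed) for _, _, fixed in AFFECTED_RANGES}


def required_fix(level: str) -> Optional[str]:
    """Fixed level the system must move to, or None if the installed level
    is not inside any affected range from the table."""
    v = parse_level(level)
    for lo, hi, fixed in _RANGES:
        if lo <= v <= hi:
            return fixed
    return None


def classify(level: str) -> str:
    """VULNERABLE: inside an affected range.
    FIXED: at or above a listed fix level within the same x.y.z stream.
    UNKNOWN: a stream the table does not list (e.g. an older release);
    confirm against IBM's advisory rather than assuming it is safe."""
    v = parse_level(level)
    if required_fix(level) is not None:
        return "VULNERABLE"
    for fixed in _FIXED_LEVELS:
        if fixed[:3] == v[:3] and v >= fixed:
            return "FIXED"
    return "UNKNOWN"


def assess(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str, Optional[str]]]:
    """inventory: (system name, installed code level) pairs.
    Returns (name, level, status, fixed level or None) per system."""
    report = []
    for name, level in inventory:
        try:
            status = classify(level)
        except ValueError:
            report.append((name, level, "UNPARSEABLE", None))
            continue
        report.append((name, level, status, required_fix(level)))
    return report


# Constructed sample inventory for demonstration; not real systems.
SAMPLE_INVENTORY = [
    ("svc-prod-01", "8.6.0.3"),   # inside 8.6.0.0-8.6.0.5 -> upgrade to 8.6.0.6
    ("fs5200-dr", "8.6.0.6"),     # already at the fix level
    ("fs9500-lab", "8.4.0.11"),   # stream not in the table -> check with IBM
    ("v7000-old", "8.5"),         # malformed export line
]

if __name__ == "__main__":
    for name, level, status, fix in assess(SAMPLE_INVENTORY):
        target = f" -> upgrade to {fix}" if fix else ""
        print(f"{name:<14} {level:<10} {status}{target}")
```

Treat UNKNOWN as "not yet cleared" rather than "safe": the table only lists streams IBM evaluated, and a level above the highest listed range (or in a stream such as 8.5.1.x beyond the single listed level) still needs confirmation against the vendor advisory.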
Conclusion:
CVE-2025-0159 and CVE-2025-0160 represent severe threats to IBM Storage Virtualize users, as together they enable unauthenticated administrative access and complete system compromise. Organizations should apply the fixed code level for their release stream as the primary remediation, and in the meantime restrict network access to the management GUI to trusted administrative networks, segment the storage management plane from general user networks, and monitor GUI access for unexpected administrative sessions.
Delaying patching could leave critical infrastructure exposed to exploitation, leading to data breaches, operational disruption, or ransomware attacks against the storage layer itself. IBM strongly recommends immediate remediation to protect enterprise storage environments.