CVE-2025-36074 PUBLISHED

Security vulnerability has been detected in IBM Security Verify Directory

Assigner: ibm
Reserved: 15.04.2025 Published: 22.04.2026 Updated: 22.04.2026

IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
CVSS Score: 5.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	IBM
Product	Security Verify Directory (Container)
Versions	affected from 10.0.0 to 10.0.0.3 (incl.)

Solutions

IBM strongly encourages customers to update their systems promptly.

Product(s)Affected Version(s)FixIBM Security Verify Directory (Container)10.0.0-10.0.3 https://www.ibm.com/support/pages/ibm-security-verify-directory-version-10040-download-document

References

https://www.ibm.com/support/pages/node/7268907

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type CWE