CVE-2025-36356 PUBLISHED

IBM Security Verify Access privilege escalation

Assigner: ibm
Reserved: 15.04.2025 Published: 06.10.2025 Updated: 06.10.2025

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.3

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Security Verify Access Appliance
Versions	Default: unaffected affected from 10.0.0.0 to 10.0.9.0 IF2 (incl.) affected from 11.0.0.0 to 11.0.1.0 (incl.)

Vendor	IBM
Product	Security Verify Access Docker
Versions	Default: unaffected affected from 10.0.0.0 to 10.0.9.0 IF2 (incl.) affected from 11.0.0.0 to 11.0.1.0 (incl.)

References

https://www.ibm.com/support/pages/node/7247215

Problem Types

CWE-250 Execution with Unnecessary Privileges CWE