CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2025-0160 – IBM FlashSystem code execution
https://notcve.org/view.php?id=CVE-2025-0160
28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. • https://www.ibm.com/support/pages/node/7184182 • CWE-114: Process Control •
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2025-0159 – IBM FlashSystem authentication bypass
https://notcve.org/view.php?id=CVE-2025-0159
28 Feb 2025 — IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. • https://www.ibm.com/support/pages/node/7184182 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •