CVE-2025-0159

Name of the Vulnerable Software and Affected Versions IBM FlashSystem versions 8.5.0.0 through 8.5.0.13 IBM FlashSystem versions 8.5.1.0 IBM FlashSystem versions 8.5.2.0 through 8.5.2.3 IBM FlashSystem versions 8.5.3.0 through 8.5.3.1 IBM FlashSystem versions 8.5.4.0 IBM FlashSystem versions 8.6.0.0 through 8.6.0.5 IBM FlashSystem versions 8.6.1.0 IBM FlashSystem versions 8.6.2.0 through 8.6.2.1 IBM FlashSystem versions 8.6.3.0 IBM FlashSystem versions 8.7.0.0 through 8.7.0.2 IBM FlashSystem versions 8.7.1.0 IBM FlashSystem versions 8.7.2.0 through 8.7.2.1

Description The issue allows a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. This could potentially affect a large number of devices worldwide, although the exact number is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations Update to version 8.5.0.14 to resolve the issue for versions 8.5.0.0 through 8.5.0.13. Update to version 8.5.1.1 to resolve the issue for version 8.5.1.0. Update to version 8.5.2.5 to resolve the issue for versions 8.5.2.0 through 8.5.2.3. Update to version 8.5.3.2 to resolve the issue for versions 8.5.3.0 through 8.5.3.1. Update to version 8.5.4.1 to resolve the issue for version 8.5.4.0. Update to version 8.6.0.6 to resolve the issue for versions 8.6.0.0 through 8.6.0.5. Update to version 8.6.1.1 to resolve the issue for version 8.6.1.0. Update to version 8.6.2.2 to resolve the issue for versions 8.6.2.0 through 8.6.2.1. Update to version 8.6.3.1 to resolve the issue for version 8.6.3.0. Update to a version later than 8.7.2.1 to resolve the issue for versions 8.7.0.0 through 8.7.0.2, 8.7.1.0, and 8.7.2.0 through 8.7.2.1.