CVE-2025-0160

Name of the Vulnerable Software and Affected Versions IBM FlashSystem versions 8.5.0.0 through 8.5.0.13 IBM FlashSystem versions 8.5.1.0 IBM FlashSystem versions 8.5.2.0 through 8.5.2.3 IBM FlashSystem versions 8.5.3.0 through 8.5.3.1 IBM FlashSystem version 8.5.4.0 IBM FlashSystem versions 8.6.0.0 through 8.6.0.5 IBM FlashSystem version 8.6.1.0 IBM FlashSystem versions 8.6.2.0 through 8.6.2.1 IBM FlashSystem version 8.6.3.0 IBM FlashSystem versions 8.7.0.0 through 8.7.0.2 IBM FlashSystem version 8.7.1.0 IBM FlashSystem versions 8.7.2.0 through 8.7.2.1

Description The issue is related to improper restrictions in the RPCAdapter service, which could allow a remote attacker with access to the system to execute arbitrary Java code.

Recommendations For versions 8.5.0.0 through 8.5.0.13, consider restricting access to the RPCAdapter service until a patch is available. For version 8.5.1.0, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.5.2.0 through 8.5.2.3, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.5.3.0 through 8.5.3.1, consider restricting access to the RPCAdapter service until a patch is available. For version 8.5.4.0, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.6.0.0 through 8.6.0.5, consider restricting access to the RPCAdapter service until a patch is available. For version 8.6.1.0, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.6.2.0 through 8.6.2.1, consider restricting access to the RPCAdapter service until a patch is available. For version 8.6.3.0, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.7.0.0 through 8.7.0.2, consider restricting access to the RPCAdapter service until a patch is available. For version 8.7.1.0, consider restricting access to the RPCAdapter service until a patch is available. For versions 8.7.2.0 through 8.7.2.1, consider restricting access to the RPCAdapter service until a patch is available.