Cyber Posture

CVE-2025-0161

High

Published: 20 February 2025

Modified: 08 August 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

Security Summary

CVE-2025-0161, published on 2025-02-20, affects IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.0.9 and 11.0.0.0. The vulnerability arises from improper restrictions on code generation (CWE-94), which could allow a local user to execute arbitrary code. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and without user interaction. Successful exploitation allows arbitrary code execution, with high impact on the confidentiality, integrity, and availability of the affected system.

IBM provides details on mitigation and patches in its security advisory at https://www.ibm.com/support/pages/node/7183788.

Details

CWE(s)
CWE-94

Affected Products

Vendor: ibm
Product: security verify access
Versions: 11.0.0 · 10.0.0 through 10.0.0.9
