CVE-2025-2141
BaseFortify
Publication date: 2025-07-01
Last updated on: 2025-09-30
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | 3948-vef_firmware | up to and including 8.60.0.115 |
| ibm | 3948-vef | * (hardware platform; see firmware row) |
| ibm | 3948-ved_firmware | up to and including 8.54.2.17 |
| ibm | 3948-ved_firmware | up to and including 8.60.0.115 |
| ibm | 3948-ved | * (hardware platform; see firmware rows) |
| ibm | 3957-ved_firmware | up to and including 8.54.2.17 |
| ibm | 3957-ved_firmware | up to and including 8.60.0.115 |
| ibm | 3957-ved | * (hardware platform; see firmware rows) |

The upper bounds are inclusive: 8.54.2.17 and 8.60.0.115 are the microcode levels that carry the fix only together with the corresponding VTD_EXEC package (VTD_EXEC.904 and VTD_EXEC.905 respectively, see the mitigation notes below), so a system at one of these levels without that package is still in the affected range.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) flaw (CWE-79) in the web management interface of the IBM System Storage Virtualization Engine TS7700. An authenticated user can inject arbitrary JavaScript into the web UI; the script then executes in the browser of whoever views the affected page, with that viewer's session and privileges. This lets an attacker alter the interface's intended functionality and act as the victim: disclose credentials, collect session data, redirect the victim to a malicious site, or escalate privileges within the trusted session. [1]
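The following Python snippet is an added illustration of the CWE-79 pattern described above; it is not code from the advisory or from the TS7700 product. It renders a hypothetical search page that concatenates a user-supplied value into HTML (the vulnerable form) next to the same page with context-appropriate output encoding, and uses the standard library HTML parser to show which version actually yields a script tag or inline event handler. The handler names, template and payloads are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs for this example; they are not taken from the advisory.
BODY_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus x="'


def render_vulnerable(term: str) -> str:
    """CWE-79: user input is placed in the page body without neutralizing markup."""
    return f"<p>Results for: {term}</p>"


def render_fixed(term: str) -> str:
    """HTML body context: escape <, >, & and quotes before inserting the value."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_attr_vulnerable(value: str) -> str:
    """Same bug in an attribute context: a double quote in the value ends the attribute early,
    so the attacker can add new attributes such as an event handler."""
    return f'<input name="q" value="{value}">'


def render_attr_fixed(value: str) -> str:
    """Attribute context: quote=True turns " into &quot; so the value cannot break out."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


class ActiveContentFinder(HTMLParser):
    """Collects script tags and on* event-handler attributes the way a browser would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"event handler {name}")


def active_content(markup: str) -> list:
    """Return the active-content findings for a rendered fragment (empty list means none)."""
    parser = ActiveContentFinder()
    parser.feed(markup)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, markup in [
        ("body, vulnerable", render_vulnerable(BODY_PAYLOAD)),
        ("body, fixed", render_fixed(BODY_PAYLOAD)),
        ("attribute, vulnerable", render_attr_vulnerable(ATTR_PAYLOAD)),
        ("attribute, fixed", render_attr_fixed(ATTR_PAYLOAD)),
    ]:
        print(f"{label}: {active_content(markup) or 'no active content'}")
        print(f"    {markup}")
```

The encoding has to match the output context: `html.escape` is correct for HTML body text and quoted attributes, but a value placed inside a `<script>` block, a URL, or a CSS string needs that context's own encoder, and escaping at output time is what makes the fix robust against payloads that are stored first and served to other users later.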
How can this vulnerability impact me?
Successful exploitation can disclose information and steal credentials, collect session data, redirect administrators to phishing sites or present a malicious interface in place of the real one, and perform unauthorized actions on the management application with the victim's privileges, up to privilege escalation. Because the target is the management interface of the TS7700, the integrity of the system's configuration and of the data it manages is at stake. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The flaw is in the TS7700 Management Interface, so exploitation attempts appear as HTTP requests to that interface whose parameters carry script-like content: `<script` tags, inline event-handler attributes such as `onerror=` or `onload=`, `javascript:` URIs, or the same strings in URL-encoded, double-encoded or HTML-entity-encoded form. Inspect HTTP traffic to and from the appliance for such payloads, for example with a web proxy such as Burp Suite or OWASP ZAP placed in front of the interface, a network capture, or the logs of a reverse proxy or WAF if one fronts the device, and review whatever web server logs the interface exposes for unusual or encoded input patterns. Because the payload is injected by an authenticated user and affects other viewers, also look for unexpected JavaScript appearing in pages served by the UI. The referenced resources do not provide specific detection commands. [1]
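As an added example of the log review described above (not code from the advisory or from IBM), the Python script below scans web server access lines in the common combined format for query parameters that look like XSS payloads, undoing repeated URL-encoding and HTML-entity encoding before matching so that double-encoded payloads are not missed. The sample lines, paths and parameter names are constructed for this example and are not real TS7700 logs; the detection patterns are a starting point, not an exhaustive signature set.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" format; illustrative only, not real
# TS7700 logs. Paths and parameter names are invented for the example.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jul/2025:10:00:01 +0000] "GET /ui/search?q=tape+cartridge HTTP/1.1" 200 512',
    '10.0.0.9 - admin [01/Jul/2025:10:00:07 +0000] "GET /ui/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.9 - admin [01/Jul/2025:10:00:12 +0000] "GET /ui/search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512',
    '10.0.0.9 - admin [01/Jul/2025:10:00:20 +0000] "POST /ui/pools?name=%26lt%3Bscript%26gt%3B HTTP/1.1" 302 0',
    '10.0.0.7 - oper [01/Jul/2025:10:01:03 +0000] "GET /ui/volumes?filter=1%20OR%201%3D1 HTTP/1.1" 200 2048',
    '10.0.0.7 - oper [01/Jul/2025:10:01:09 +0000] "POST /ui/login HTTP/1.1" 200 128',
]

# The request line inside the quotes: method, target (path + query), protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Script tags, inline event handlers, javascript: URIs and common carrier tags.
XSS_RE = re.compile(
    r"<\s*script\b|javascript\s*:|\bon(?:error|load|focus|mouseover|click)\s*=|<\s*(?:img|svg|iframe|object)\b",
    re.IGNORECASE,
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated URL-encoding and HTML entity encoding, which attackers use to slip
    payloads past naive string matches. Stops as soon as a round changes nothing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target: str) -> list:
    """Return (name, decoded_value) for every query parameter that matches an XSS pattern."""
    query = urlsplit(target).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):  # parse_qsl removes one encoding layer
        decoded = fully_decode(raw)
        if XSS_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines) -> list:
    """Flag request lines whose query parameters carry script-like content."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group("target"))
        if hits:
            findings.append({"method": match.group("method"), "target": match.group("target"), "params": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["method"], finding["target"])
        for name, value in finding["params"]:
            print(f"    {name} = {value!r}")
```

Run against the constructed sample, the script flags the plain `<script>` payload, the double-encoded `<img onerror=…>` payload and the entity-encoded `&lt;script&gt;`, while leaving the benign search, the SQL-style `1 OR 1=1` filter and the query-less login POST alone. POST bodies are not in access logs, so for forms submitted by POST the same matching has to run on proxy or capture data instead.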
What immediate steps should I take to mitigate this vulnerability?
Upgrade the TS7700 microcode and the VTD_EXEC package to the minimum levels IBM specifies for your model and release: microcode 8.54.2.17 with VTD_EXEC.904, or 8.60.0.115 with VTD_EXEC.905, depending on the release train you are on. The VTD_EXEC package is part of the fix, so reaching the microcode level alone does not remediate the issue. The update can be installed online or offline and takes about 60 minutes. Until it is applied, restrict network and physical access to the TS7700 management interface to authorized administrators; this narrows who can inject or be exposed to a payload but does not remove the vulnerability. [1]
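The following Python snippet is an added example (not IBM's tooling or code from the advisory) of how to turn the fixed levels above into a check you can run over an inventory of TS7700 systems. It encodes the two release trains named in the advisory and treats a system as fixed only when both its microcode and its VTD_EXEC package are at or above the stated levels; that conservative reading is an assumption of this example, consistent with the inclusive upper bounds in the affected-versions table. Release trains the advisory does not mention are reported as unknown rather than guessed. The inventory records are constructed.

```python
import re
from typing import Optional

# Minimum fixed levels as given in the advisory: (microcode level, VTD_EXEC package) per release train.
FIXED_LEVELS = {
    (8, 54): ((8, 54, 2, 17), 904),
    (8, 60): ((8, 60, 0, 115), 905),
}


def parse_microcode(level: str) -> tuple:
    """'8.54.2.17' -> (8, 54, 2, 17); integer tuples compare component-wise, as version numbers should."""
    return tuple(int(part) for part in level.strip().split("."))


def parse_vtd_exec(package: Optional[str]) -> Optional[int]:
    """Accept 'VTD_EXEC.904' or '904'; None when the package is missing or unreadable."""
    if not package:
        return None
    match = re.search(r"(\d+)\s*$", package)
    return int(match.group(1)) if match else None


def assess(microcode: str, vtd_exec: Optional[str]) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one microcode/VTD_EXEC pair.

    Assumption of this example: a system is fixed only when both its microcode and its VTD_EXEC
    package are at or above the levels named for its release train. Microcode at the fixed level
    without the package still counts as vulnerable, matching the inclusive affected ranges."""
    version = parse_microcode(microcode)
    train = version[:2]
    if train not in FIXED_LEVELS:
        return "unknown"  # release train not covered by the advisory text; confirm with IBM
    min_version, min_package = FIXED_LEVELS[train]
    package = parse_vtd_exec(vtd_exec)
    if version >= min_version and package is not None and package >= min_package:
        return "fixed"
    return "vulnerable"


def assess_inventory(inventory) -> dict:
    """Apply assess() to (hostname, microcode, vtd_exec) records and map hostname -> status."""
    return {host: assess(microcode, vtd_exec) for host, microcode, vtd_exec in inventory}


# Constructed inventory for the example; these are not real systems.
INVENTORY = [
    ("ts7700-a", "8.54.2.17", "VTD_EXEC.904"),   # fixed: microcode and package both at minimum
    ("ts7700-b", "8.54.2.17", None),             # vulnerable: fixed microcode but no VTD_EXEC
    ("ts7700-c", "8.54.1.5", "VTD_EXEC.904"),    # vulnerable: microcode below minimum
    ("ts7700-d", "8.60.0.115", "VTD_EXEC.905"),  # fixed
    ("ts7700-e", "8.60.0.115", "VTD_EXEC.904"),  # vulnerable: package below the 8.60 minimum
    ("ts7700-f", "8.52.200.10", "VTD_EXEC.903"), # unknown: train not named in the advisory
]

if __name__ == "__main__":
    for host, status in assess_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

The case worth noticing is `ts7700-b`: the microcode level matches the advisory, yet without VTD_EXEC.904 the system remains inside the affected range, which is exactly why the check requires both values.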