CVE-2025-36087
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-13

Last updated on: 2025-10-20

Assigner: IBM Corporation

Description
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-13
Last Modified
2025-10-20
Generated
2026-06-25
AI Q&A
2025-10-13
EPSS Evaluated
2026-06-24
NVD
CVE-2025-36087
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm security_verify_access From 10.0.0.0 (inc) to 10.0.9.0 (inc)
ibm verify_identity_access 11.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves IBM Security Verify Access and IBM Verify Identity Access Container products containing hard-coded credentials, such as passwords or cryptographic keys, within the software under certain configurations. These hard-coded credentials are used for inbound authentication, outbound communication with external components, or encryption of internal data. This issue is classified as CWE-798: Use of Hard-coded Credentials. [1]

Impact Analysis

The vulnerability can be exploited remotely without privileges or user interaction, but with high attack complexity. It can lead to a high impact on confidentiality, integrity, and availability of the affected systems. Attackers could potentially use the hard-coded credentials to gain unauthorized access, intercept or manipulate communications, or compromise encrypted data, resulting in significant security risks. [1]

Mitigation Strategies

IBM has released fixes for the affected versions of IBM Verify Identity Access and IBM Security Verify Access. The immediate step to mitigate this vulnerability is to promptly update your products to the fixed versions provided by IBM. No workarounds or other mitigations are provided. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-36087. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart