CVE-2025-36087
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-10-20
Assigner: IBM Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | security_verify_access | From 10.0.0.0 (inc) to 10.0.9.0 (inc) |
| ibm | verify_identity_access | 11.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves IBM Security Verify Access and IBM Verify Identity Access Container products containing hard-coded credentials, such as passwords or cryptographic keys, within the software under certain configurations. These hard-coded credentials are used for inbound authentication, outbound communication with external components, or encryption of internal data. This issue is classified as CWE-798: Use of Hard-coded Credentials. [1]
How can this vulnerability impact me?
The vulnerability can be exploited remotely without privileges or user interaction, but with high attack complexity. It can lead to a high impact on confidentiality, integrity, and availability of the affected systems. Attackers could potentially use the hard-coded credentials to gain unauthorized access, intercept or manipulate communications, or compromise encrypted data, resulting in significant security risks. [1]
What immediate steps should I take to mitigate this vulnerability?
IBM has released fixes for the affected versions of IBM Verify Identity Access and IBM Security Verify Access. The immediate step to mitigate this vulnerability is to promptly update your products to the fixed versions provided by IBM. No workarounds or other mitigations are provided. [1]