CVE-2025-36192
Unknown
Unknown - Not Provided
Authorization Bypass in IBM DS8000 Safeguarded Copy Causes Data Corruption
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: IBM Corporation
Description
Description
IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS Logical corruption protection mechanisms.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | ds8900f | * |
| ibm | ds8000 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects IBM DS8A00 and DS8900F storage systems, where a local user with authorized CCW update permissions can delete or corrupt backups. This happens because of missing authorization checks in the IBM Safeguarded Copy and GDPS Logical corruption protection mechanisms.
How can this vulnerability impact me? :
The vulnerability can lead to deletion or corruption of backups, which may result in data loss or inability to restore critical data, impacting data integrity and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70