CVE-2025-36074
Received Received - Intake
Malicious File Upload Vulnerability in IBM Security Verify Directory

Publication date: 2026-04-23

Last updated on: 2026-04-23

Assigner: IBM Corporation

Description
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-23
Last Modified
2026-04-23
Generated
2026-05-06
AI Q&A
2026-04-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-36074
EUVD
EUVD-2025-209557
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm security_verify_directory From 10.0.0 (inc) to 10.0.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-36074 is a vulnerability in IBM Security Verify Directory (Container) versions 10.0.0 through 10.0.0.3. The issue occurs because the product does not validate the type of files being uploaded. This allows a privileged user to upload malicious files into the system.

These malicious files can then be used to launch further attacks against the system, potentially compromising its integrity.

This vulnerability is classified under CWE-434: Unrestricted Upload of File with Dangerous Type.


How can this vulnerability impact me? :

The vulnerability allows a privileged user to upload malicious files that can be used to perform further attacks on the system.

According to the CVSS score of 5.5, the impact includes high integrity impact and low availability impact, meaning the system's data or operations could be altered or disrupted.

Since the attack vector is network-based and requires high privileges but no user interaction, an attacker with sufficient access could exploit this vulnerability remotely.


What immediate steps should I take to mitigate this vulnerability?

IBM strongly recommends that customers update affected IBM Security Verify Directory (Container) systems from versions 10.0.0 through 10.0.0.3 to version 10.0.4, which addresses this vulnerability.

No workarounds or mitigations are provided, so applying the update is the primary immediate step to mitigate the risk.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.

IBM recommends updating affected IBM Security Verify Directory (Container) versions 10.0.0 through 10.0.0.3 to version 10.0.4 to address this vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart