CVE-2025-36074
Received - Intake
Malicious File Upload Vulnerability in IBM Security Verify Directory

Publication date: 2026-04-23

Last updated on: 2026-04-23

Assigner: IBM Corporation

Description
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.
Meta Information
Published: 2026-04-23
Last Modified: 2026-04-23
Generated: 2026-06-16
AI Q&A: 2026-04-23
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
ibm | security_verify_directory | From 10.0.0 (inc) to 10.0.0.3 (inc)
CWE ID | Description
CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Detection Guidance

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.

IBM recommends updating affected IBM Security Verify Directory (Container) versions 10.0.0 through 10.0.0.3 to version 10.0.4 to address this vulnerability.

Executive Summary

CVE-2025-36074 is a vulnerability in IBM Security Verify Directory (Container) versions 10.0.0 through 10.0.0.3. The issue occurs because the product does not validate the type of files being uploaded. This allows a privileged user to upload malicious files into the system.

These malicious files can then be used to launch further attacks against the system, potentially compromising its integrity.

This vulnerability is classified under CWE-434: Unrestricted Upload of File with Dangerous Type.

Impact Analysis

The vulnerability allows a privileged user to upload malicious files that can be used to perform further attacks on the system.

According to the CVSS score of 5.5, the impact includes high integrity impact and low availability impact, meaning the system's data or operations could be altered or disrupted.

Since the attack vector is network-based and requires high privileges but no user interaction, an attacker with sufficient access could exploit this vulnerability remotely.

Mitigation Strategies

IBM strongly recommends that customers update affected IBM Security Verify Directory (Container) systems from versions 10.0.0 through 10.0.0.3 to version 10.0.4, which addresses this vulnerability.

No workarounds or mitigations are provided, so applying the update is the primary immediate step to mitigate the risk.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
