IBM Storage Virtualize Flaws Allow Remote Code Execution

Two critical security flaws in IBM Storage Virtualize products could enable attackers to bypass authentication protections and execute malicious code on enterprise storage systems, according to a security bulletin issued by the company.

Tracked as CVE-2025-0159 and CVE-2025-0160, these vulnerabilities impact the graphical user interface (GUI) components of IBM’s SAN Volume Controller, Storwize, Spectrum Virtualize, and FlashSystem product lines.

CVE-2025-0160: Remote Java Code Execution

The more severe vulnerability (CVSS 8.1) allows unauthenticated remote attackers to execute arbitrary Java code through the RPCAdapter service.

This service, designed for system management communications, improperly validates user-supplied input, enabling attackers to bypass security controls and deploy malicious payloads.

Successful exploitation could grant full control over storage infrastructure, potentially compromising sensitive data or disrupting operations across SAN environments.

CVE-2025-0159: Authentication Bypass

Rated CVSS 9.1, this flaw permits attackers to circumvent authentication mechanisms via specially crafted HTTP requests to the RPCAdapter endpoint.

The vulnerability stems from improper validation of session tokens, allowing unauthorized access to administrative functions without valid credentials.

Combined with CVE-2025-0160, attackers could chain these exploits to first bypass authentication checks and then escalate privileges through code execution.

Affected Products and Versions

The vulnerabilities impact multiple IBM storage platforms running vulnerable GUI components:

• IBM SAN Volume Controller
• Storwize V7000/V5000/V5100/V5000E
• FlashSystem 5000/5100/5200/5300/7200/7300/9100/9200/9500
• Storage Virtualize for Public Cloud

Specific vulnerable software versions include:

• 8.5.0.0 through 8.5.0.13
• 8.5.1.0 through 8.5.4.0
• 8.6.0.0 through 8.6.0.5
• 8.7.0.0 through 8.7.0.2
• 8.7.1.0 and 8.7.2.0-8.7.2.1

Remediation and Patches

IBM released fixed versions for all affected products:

• 8.5.0.x users must upgrade to 8.5.0.14
• 8.6.0.x deployments require 8.6.0.6
• 8.7.x environments need 8.7.0.3 or 8.7.2.2 depending on version

The company strongly recommends applying updates immediately, as both vulnerabilities require no user interaction for exploitation. Administrators should:

1. Verify their system’s software version
2. Download patches from IBM’s Fix Central portal
3. Test updates in staging environments
4. Deploy fixes during maintenance windows

While IBM confirms no active exploits in the wild, the critical nature of these flaws makes prompt patching essential.

Organizations should monitor authentication logs for suspicious RPCAdapter activity and restrict GUI access to trusted networks where possible.

These vulnerabilities highlight the growing risks in storage infrastructure security, particularly as enterprises accelerate cloud migrations and hybrid deployments.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.