CVE-2025-36087
Last modified
CVE-2025-36087 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Verify Access | >= 10.0.0, <= 10.0.9 |
| Ibm | Verify Identity Access | 11.0.0 |
References
- https://www.ibm.com/support/pages/node/7247753Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-36087?
How severe is CVE-2025-36087?
How do I fix CVE-2025-36087?
Are you affected by CVE-2025-36087?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST