7.2

CVE-2025-36074

EPSS 0.05%
Veröffentlicht 22.04.2026 23:39:34
Zuletzt bearbeitet 13.05.2026 23:08:37
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

Security vulnerability has been detected in IBM Security Verify Directory

IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Security Verify Directory Version >= 10.0.0 <= 10.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.17

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com	5.5	1.2	4.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.ibm.com/support/pages/node/7268907

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36074

EUVD