IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-49709, CVE-2025-49710

 

IBM Storage Virtualize Version: 8.4
IBM Storage Virtualize Version: 8.5
IBM Storage Virtualize Version: 8.6
IBM Storage Virtualize Version: 8.7

 

 

Resolved Vulnerabilities

 

Privilege escalation vulnerability due to insufficient SSH authentication in IBM Storage Virtualize (CVE-2025-36120)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-49709, CVE-2025-49710

 

IBM Storage Virtualize 8.4.0.0 and later versions 8.4.0.17 and earlier versions: 8.4.0.18
IBM Storage Virtualize 8.4.1.0, 8.4.2.0 and later, 8.4.2.1 and earlier, 8.4.3.1 Version: 8.5.0.16
IBM Storage Virtualize 8.5.0.0 and later, 8.5.0.15 and earlier, 8.5.0.16 Version: 8.5.0.16
IBM Storage Virtualize 8.5.1.0, 8.5.2.0 and later 8.5.2.3 and earlier, 8.5.3.0 and later 8.5.3.1 and earlier, 8.5.4.0 and earlier, 8.5.4.0 Version: 8.6.0.9
IBM Storage Virtualize 8.6.0.0 or later, 8.6.0.8 or earlier, 8.6.0.9 version: 8.6.0.9
IBM Storage Virtualize 8.6.1.0, 8.6.2.0 and above, 8.6.2.1 and below, 8.6.3.0 Version: 8.7.0.6
IBM Storage Virtualize 8.7.0.0 and later, 8.7.0.5 and earlier, 8.7.0.6 Version: 8.7.0.6
IBM Storage Virtualize 8.7.1.0, 8.7.2.0 and later 8.7.2.1 and later, 8.7.3.0 and later 8.7.3.2 and later Version: 8.7.3.3

 

 

References

 

[1] Security Bulletin: Vulnerability in SSH authorization affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
https://www.ibm.com/support/pages/node/7240796