IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-36156

 

IBM InfoSphere Data Replication VSAM for z/OS Remote Source Versions: All Versions

 

CVE-2025-36354, CVE-2025-36355, CVE-2025-36356

 

IBM Verify Identity Access Docker Version: 11.0.0.0 or later and 11.0.1.0 or earlier
IBM Security Verify Access Docker Version: 10.0.0.0 or later and 10.0.9.0-IF2 or earlier
IBM Verify Identity Access Appliance Version: 11.0.0.0 or later and 11.0.1.0 or earlier
IBM Security Verify Access Appliance Version: 10.0.0.0 or later and 10.0.9.0-IF2 or earlier

 

CVE-2025-36087

 

IBM Verify Identity Access Version: 11.0
IBM Security Verify Access Version: 10.0 or later and 10.0.9 or earlier
IBM Verify Identity Access Container Version: 11.0
IBM Security Verify Access Container Version: 10.0 or later and 10.0.9 or earlier

 

 

Resolved Vulnerabilities

 

Stack-based buffer overflow vulnerability in IBM InfoSphere Data Replication VSAM for z/OS Remote Source (CVE-2025-36156)
Arbitrary command execution vulnerability in IBM Security Verify Access (CVE-2025-36354)
External malicious script execution vulnerability in IBM Security Verify Access (CVE-2025-36355)
Privilege escalation vulnerability in IBM Security Verify Access (CVE-2025-36356)
Hardcoded credential vulnerability in IBM Security Verify Access (CVE-2025-36087)

 

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2025-36156

 

IBM InfoSphere Data Replication VSAM for z/OS Remote Source Version: 11.4.0.22 [1]

 

CVE-2025-36354, CVE-2025-36355, CVE-2025-36356

 

IBM Security Verify Access Version: 10.0.9.0-IF3
IBM Verify Identity Access Version: 11.0.1.0-IF1

 

CVE-2025-36087

 

IBM Security Verify Access Version: 10.0.9 IF2
IBM Verify Identity Access Version: 11.0.1

 

 

References

 

[1] Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow
https://www.ibm.com/support/pages/node/7247224
[2] Security Bulletin: Several Security Vulnerabilities have been discovered in IBM Security Verify Access and IBM Verify Identity Access products. (CVE-2025-36354, CVE-2025-36355, CVE-2025-363546)
https://www.ibm.com/support/pages/node/7247215
[3] Security Bulletin: Security vulnerability has been found in IBM Verify Identity Access/IBM Security Verify Access (CVE-2025-36087)
https://www.ibm.com/support/pages/node/7247753