CVE-2025-36120

Name

Improper authorization in the IBM FlashSystem leads to privilege escalation via SSH authorized keys

CVSS score

8.8 (High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product name

IBM FlashSystem 9500

Confirmed exploitable versions

v8.6.0.3

Researcher

Jakub Sajniak and Patryk Rejchert

Description

IBM FlashSystem allows a user to provide their SSH key, which is then written to the authorized_keys file. Using a set of limited commands in rbash, threat actor can perform a privilege escalation by overwriting the SSH_LABEL_ID within the authorized_keys file. This results in the account takeover of the superuser with just Monitor access privileges.

Proof-of-concept

TBA

Timeline

11-07-2025 - Vulnerability reported to vendor
27-08-2025 - Security advisory is published by the vendor

References

https://www.ibm.com/support/pages/node/7240796
https://www.cve.org/CVERecord?id=CVE-2025-36120