What is CVE-2025-36354?

CVE-2025-36354 is a high-severity vulnerability in Ibm Security Verify Access Appliance, classified under OS Command Injection. CVSS score: 7.3/10. Published 2025-10-06.

How severe is CVE-2025-36354?

High severity. CVSS v3 base score is 7.3 out of 10.

Is CVE-2025-36354 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ibm Security Verify Access Appliance

CVE-2025-36354

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Ibm Security Verify Access Appliance — versions 10.0.0.0, 11.0.0.0
Ibm Security Verify Access Docker — versions 10.0.0.0, 11.0.0.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.ibm.com/support/pages/node/7247215 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36354?: CVE-2025-36354 is a high-severity vulnerability in Ibm Security Verify Access Appliance, classified under OS Command Injection. CVSS score: 7.3/10. Published 2025-10-06.
How severe is CVE-2025-36354?: High severity. CVSS v3 base score is 7.3 out of 10.
Is CVE-2025-36354 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.