CVE-2025-36355
HIGHDescription
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to execute malicious scripts from outside of its control sphere.
Is your site exposed to CVE-2025-36355?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | verify_identity_access |
| ibm | verify_identity_access |
| ibm | verify_identity_access_docker |
| ibm | verify_identity_access_docker |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36355? +
How severe is CVE-2025-36355? +
What products are affected by CVE-2025-36355? +
How do I check if I'm vulnerable to CVE-2025-36355? +
Related Vulnerabilities
In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The …
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository …
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution …
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control …
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules …
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute …