CVE-2025-36356
CRITICALDescription
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | security_verify_access_docker |
| ibm | verify_identity_access |
| ibm | verify_identity_access |
| ibm | verify_identity_access_docker |
| ibm | verify_identity_access_docker |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36356? +
How severe is CVE-2025-36356? +
What products are affected by CVE-2025-36356? +
How do I check if I'm vulnerable to CVE-2025-36356? +
Related Vulnerabilities
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power …
mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue …
The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution …