CVE-2025-36104

MEDIUM

IBM Storage Scale - Incorrect Permission Assignment

Title source: rule

Description

IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7239562

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-277 CWE-732

Status published

Products (2)

ibm/storage_scale 5.2.3.0

ibm/storage_scale 5.2.3.1

Published Jul 12, 2025

Tracked Since Feb 18, 2026