CVE-2025-36356

CRITICAL

IBM Security Verify Access <11.0.1.0 - Privilege Escalation

Title source: llm

Description

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required.

References (1)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/7247215

Scores

CVSS v3 9.3

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-250

Status published

Products (8)

ibm/security_verify_access 10.0.9.0 (3 CPE variants)

ibm/security_verify_access 10.0.0.0 - 10.0.9.0

ibm/security_verify_access_docker 10.0.9.0 (3 CPE variants)

ibm/security_verify_access_docker 10.0.0.0 - 10.0.9.0

ibm/verify_identity_access 11.0.1.0

ibm/verify_identity_access 11.0.0.0 - 11.0.1.0

ibm/verify_identity_access_docker 11.0.1.0

ibm/verify_identity_access_docker 11.0.0.0 - 11.0.1.0

Published Oct 06, 2025

Tracked Since Feb 18, 2026