anonhaven
Ad

CVE-2025-14604

HIGH CVSS 3.1: 7.8 EPSS 0.01%
Updated Mar 04, 2026
IBM
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions 5.2.3.0 — 6.0.0.2
Fixed In 5.2.3.6
Type CWE-732 (Incorrect Permission Assignment)
Vendor IBM
Public PoC No

IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-732 Incorrect Permission Assignment

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Ibm Storage_Scale
cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*
 5.2.3.0 5.2.3.6
Ibm Storage_Scale
cpe:2.3:a:ibm:storage_scale:*:*:*:*:*:*:*:*
 6.0.0.0 6.0.0.2

References 1

https://www.ibm.com/support/pages/node/7262312
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1346

IBM

7.8

CVE-2026-1343

IBM

7.2

CVE-2026-1342

IBM

7.9

CVE-2025-13044

IBM

6.2

CVE-2026-1243

Microsoft

5.4