IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
CVE ID: CVE-2025-0160
CVSS Base Severity: HIGH
CVSS Base Score: 8.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor: IBM
Product: Storage Virtualize
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 15.3% (scored less or equal to compared to others)
EPSS Date: 2025-03-29 (when was this score calculated)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false