CVE-2025-36074
Description
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Verify Directory (Container) 10.0.0-10.0.0.3 fails to validate file types, allowing privileged users to upload malicious files for further attacks.
Vulnerability
Details
IBM Security Verify Directory (Container) versions 10.0.0 through 10.0.0.3 are affected by an unrestricted file upload vulnerability (CWE-434). The software does not validate the type of files uploaded, enabling a privileged user to upload files with dangerous content [1].
Exploitation
An attacker with high privileges can upload malicious files over the network without user interaction. The attack complexity is low, and the uploaded files can subsequently be distributed to victims, facilitating further attacks against the system [1].
Impact
Successful exploitation compromises the integrity of the system (high impact) and may cause limited availability issues (low impact). Confidentiality is not directly affected. The CVSS v3.1 base score is 5.5 (Medium) [1].
Mitigation
IBM has released a security bulletin advising customers to update their systems promptly. No workarounds are available; applying the latest fix is the recommended action [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: 10.0.0 through 10.0.0.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.ibm.com/support/pages/node/7268907nvdVendor Advisory
News mentions
0No linked articles in our index yet.