CVE-2025-0161
Published: 20 February 2025
Summary
CVE-2025-0161 is a high-severity Code Injection (CWE-94) vulnerability in IBM Security Verify Access. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE is ranked at the 0.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the CVE by requiring timely identification, reporting, and patching of flaws like improper restrictions on code generation in the IBM Security Verify Access Appliance.
Mitigates code injection (CWE-94) by enforcing validation of all inputs to code generation processes, preventing local users from injecting arbitrary code.
Provides runtime memory protections such as non-executable stacks and address randomization to block arbitrary code execution even if code generation restrictions are bypassed.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local arbitrary code execution via code generation flaw directly enables use of command/scripting interpreters and exploitation for privilege escalation from low-privileged local access.
NVD Description
IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
Deeper analysis
CVE-2025-0161, published on 2025-02-20, affects IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.0.9 and 11.0.0.0. The vulnerability arises from improper restrictions on code generation (CWE-94), which could allow a local user to execute arbitrary code. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
A local attacker with low privileges can exploit this vulnerability through low-complexity means without requiring user interaction. Successful exploitation grants the ability to execute arbitrary code, compromising confidentiality, integrity, and availability at a high level on the affected system.
IBM provides details on mitigation and patches in its security advisory at https://www.ibm.com/support/pages/node/7183788.
Details
- CWE(s)