CVE-2025-36074 MEDIUM

CVE-2025-36074: Security vulnerability has been detected in IBM Security Verify Directory

Vendor Ibm
Product Security Verify Directory (Container)
Weakness CWE-434 · Unrestricted file upload
Published April 22, 2026
Last update April 23, 2026

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.

Key dates

02Disclosure timeline

April 22, 2026 CVE published
April 23, 2026 Record updated