CVE-2025-36087 HIGH

CVE-2025-36087: IBM Security Verify Access hard coded credentials

Vendor Ibm
Product Security Verify Access
Weakness CWE-798 · Hardcoded credentials
Published October 13, 2025
Last update October 15, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

IBM Security Verify Access 10.0.0 through 10.0.9, 11.0.0, IBM Verify Identity Access Container 10.0.0 through 10.0.9, and 11.0.0, under certain configurations, contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Key dates

02Disclosure timeline

October 13, 2025 CVE published
October 15, 2025 Record updated

Related vulnerabilities

04Related CVE