CVE-2025-1137 – IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 ... (How to Fix)

Q: What is the severity of CVE-2025-1137?

CVE-2025-1137 has a CVSS score of 7.5 (HIGH). IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 contain an input validation vulnerability that allows authenticated users to execute privileged commands. This affects organizations using these specific versions with certain configurations. The vulnerability stems from improper neutralization of user input.

📋 TL;DR

IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 contain an input validation vulnerability that allows authenticated users to execute privileged commands. This affects organizations using these specific versions with certain configurations. The vulnerability stems from improper neutralization of user input.

💻 Affected Systems

Products:

IBM Storage Scale

Versions: 5.2.2.0 and 5.2.2.1

Operating Systems: Linux

Default Config Vulnerable: ✅ No

Notes: Only vulnerable under certain configurations as specified in the IBM advisory.

📦 What is this software?

Storage Scale by Ibm

View all CVEs affecting Storage Scale →

Storage Scale by Ibm

View all CVEs affecting Storage Scale →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could gain full administrative control over the Storage Scale system, potentially compromising all managed storage resources and data.

🟠

Likely Case

An authenticated user with limited privileges could escalate their permissions to execute administrative commands they shouldn't have access to.

🟢

If Mitigated

With proper network segmentation and least privilege access controls, the impact would be limited to the specific Storage Scale instance.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access and specific configuration conditions to be exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.2.2 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7233085

Restart Required: Yes

Instructions:

1. Download IBM Storage Scale version 5.2.2.2 or later from IBM Fix Central. 2. Follow IBM's upgrade documentation for your deployment type. 3. Apply the update to all affected nodes. 4. Restart the Storage Scale services.

🔧 Temporary Workarounds

Restrict User Access

all

Limit authenticated user access to only necessary functions and implement strict least privilege principles.

Network Segmentation

all

Isolate Storage Scale management interfaces from general user networks.

🧯 If You Can't Patch

Implement strict network access controls to limit which users can reach the Storage Scale management interfaces.
Review and audit all user accounts with access to Storage Scale, removing unnecessary accounts and privileges.

🔍 How to Verify

Check if Vulnerable:

Check the IBM Storage Scale version using 'mmlsconfig' command and verify if running 5.2.2.0 or 5.2.2.1.

Check Version:

mmlsconfig | grep 'release'

Verify Fix Applied:

After patching, verify version is 5.2.2.2 or later using 'mmlsconfig' command.

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Unauthorized administrative command execution
User accounts performing actions beyond their normal privileges

Network Indicators:

Unusual authentication patterns to Storage Scale management interfaces
Traffic from unexpected sources to privileged ports

SIEM Query:

source="storage_scale_logs" AND (event_type="privilege_escalation" OR command="admin_*")

📊 Metadata

CVE ID: CVE-2025-1137

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-250

EPSS Score: 0.06% exploit probability (17.8th percentile)

Published: May 10, 2025

Last Updated: September 29, 2025

🔗 References

https://www.ibm.com/support/pages/node/7233085 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-1137, you might also want to check these: