CVE-2025-36192

6.7 MEDIUM

📋 TL;DR

This vulnerability in IBM DS8000 storage systems allows local users with authorized CCW update permissions to delete or corrupt backups due to missing authorization checks in Safeguarded Copy/GDPS logical corruption protection mechanisms. It affects IBM DS8A00 and DS8900F storage systems running specific firmware versions. Only users with existing CCW update permissions can exploit this vulnerability.

💻 Affected Systems

Products:
  • IBM DS8A00
  • IBM DS8900F
Versions: DS8A00 R10.1: 10.10.106.0, DS8A00 R10.0: 10.1.3.010.2.45.0, DS8900F R9.4: 89.40.83.0, 89.42.18.0, 89.44.5.0
Operating Systems: Storage system firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with IBM Safeguarded Copy or GDPS logical corruption protection enabled. Requires users to have authorized CCW update permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Critical backup data is permanently deleted or corrupted, leading to data loss and inability to restore from backups during disaster recovery scenarios.

🟠 Likely Case: Authorized but malicious insiders or compromised accounts with CCW permissions could intentionally corrupt or delete backup data, disrupting business continuity.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to authorized users who would be detected if they abused their permissions.

🌐 Internet-Facing: LOW - This vulnerability requires local access and specific permissions, making internet-facing exploitation unlikely.
🏢 Internal Only: MEDIUM - The risk exists within organizations where authorized users could abuse their permissions, but exploitation requires specific access rights.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Exploitation is straightforward for users with the required permissions.

Exploitation requires local access and authorized CCW update permissions. No authentication bypass is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact IBM support for specific firmware updates addressing this vulnerability.

Vendor Advisory: https://www.ibm.com/support/pages/node/7255039

Restart Required: Yes

Instructions:

1. Review IBM advisory at provided URL
2. Contact IBM support for appropriate firmware updates
3. Schedule maintenance window for firmware update
4. Apply firmware update following IBM documentation
5. Verify update completion and functionality

🔧 Temporary Workarounds

Restrict CCW Update Permissions

Review the users who hold CCW update permissions and temporarily restrict those permissions to essential personnel only.

Enhanced Backup Monitoring

Implement additional monitoring and alerting for backup deletion/corruption activities.

🧯 If You Can't Patch

  • Implement strict access controls and least privilege for CCW update permissions
  • Increase monitoring and auditing of backup operations and user activities

🔍 How to Verify

Check if Vulnerable:

Check firmware version on IBM DS8000 storage systems via management interface or CLI commands.

Check Version:

Use IBM DS8000 management interface or CLI commands specific to the storage system model.

Verify Fix Applied:

Verify firmware version has been updated to a version not listed in affected versions.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized or suspicious backup deletion/corruption events
  • Unexpected CCW update operations
  • Changes to Safeguarded Copy/GDPS protection settings

Network Indicators:

  • Unusual management interface activity from non-standard sources

SIEM Query:

Search for backup deletion events, CCW permission changes, or firmware modification attempts in storage system logs.
