CVE-2025-36239
📋 TL;DR
IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0 contain a cross-site scripting (XSS) vulnerability in their web interface. This allows unauthenticated attackers to inject malicious JavaScript that could steal credentials or manipulate user sessions. Organizations using these specific versions of IBM's tape library management software are affected.
💻 Affected Systems
- IBM Storage TS4500 Library
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, gain full control of the storage system, manipulate tape operations, or pivot to other network systems.
Likely Case
Session hijacking leading to unauthorized access to the storage management interface, potentially disrupting backup operations or exfiltrating configuration data.
If Mitigated
Limited to UI manipulation without credential theft if proper input validation and output encoding are implemented.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity, especially when unauthenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply IBM firmware updates as specified in the advisory
Vendor Advisory: https://www.ibm.com/support/pages/node/7246246
Restart Required: Yes
Instructions:
1. Review IBM advisory 7246246.
2. Download the appropriate firmware update from IBM Fix Central.
3. Apply the update following the IBM TS4500 firmware upgrade procedures.
4. Verify successful installation.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the TS4500 web interface to trusted management networks only
Web Application Firewall
Deploy a WAF with XSS protection rules in front of the TS4500 interface
🧯 If You Can't Patch
- Isolate TS4500 management interface on separate VLAN with strict access controls
- Implement browser security policies like Content Security Policy (CSP) headers if supported
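The two controls the page names as the difference between credential theft and mere UI manipulation (output encoding and a Content Security Policy) can be shown side by side. The following is an added example, not IBM code and not the TS4500's actual page or parameter names, which are hypothetical: a reflected search term rendered verbatim next to the same template with HTML encoding, plus the response headers a hardened interface would send.

```python
"""Added example (not IBM / TS4500 code): output encoding and a CSP header for a
reflected parameter in a management UI. Page template and parameter names are
hypothetical; only the technique is what the advisory recommends.
"""
import html

# Restrictive CSP: no inline scripts, no remote scripts, no plugins, no framing.
# Even if encoding is missed somewhere, a compliant browser will not execute an
# inline <script> injected into the page body.
CSP_HEADER = (
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "frame-ancestors 'none'"
)

# Hypothetical page template that reflects a user-controlled value.
TEMPLATE = "<html><body><h1>Search results for: {query}</h1></body></html>"


def render_unsafe(query: str) -> str:
    """Vulnerable pattern: untrusted input interpolated into HTML verbatim."""
    return TEMPLATE.format(query=query)


def render_safe(query: str) -> str:
    """Hardened pattern: HTML-encode the value so it renders as text, not markup.
    quote=True also encodes ' and " so the value is safe inside attributes."""
    return TEMPLATE.format(query=html.escape(query, quote=True))


def response_headers() -> dict:
    """Defence-in-depth headers a hardened management UI should send."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP_HEADER,
        "X-Content-Type-Options": "nosniff",
    }


def contains_markup(rendered: str, tag: str = "<script") -> bool:
    """True if the rendered document still contains a live (unencoded) tag."""
    return tag in rendered.lower()


if __name__ == "__main__":
    # Constructed input: a harmless tag, used only to show the encoding difference.
    probe = "<script>test</script>"
    print("unsafe:", render_unsafe(probe))
    print("safe:  ", render_safe(probe))
    print("headers:", response_headers())
```

Note that the page's own list item says "if supported": a CSP only helps on a device whose firmware lets you set response headers, so it complements the firmware update rather than replacing it.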
🔍 How to Verify
Check if Vulnerable:
Check the firmware version via the TS4500 web interface (System > About) or via the CLI.
Check Version:
ssh admin@ts4500-ip 'show version' or check web interface System > About
Verify Fix Applied:
Confirm firmware version is no longer 1.11.0.0 or 2.11.0.0 after update
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript payloads in web server logs
- Multiple failed login attempts following suspicious requests
Network Indicators:
- HTTP requests containing script tags or JavaScript payloads to TS4500 management port
SIEM Query:
source="ts4500_web_logs" AND (http_uri CONTAINS "<script>" OR http_uri CONTAINS "javascript:")
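The SIEM query above matches the literal strings `<script>` and `javascript:` in the request URI. A practitioner would want to check how that behaves on real log lines, because browsers and attackers alike send query strings percent-encoded, so `%3Cscript%3E` never matches the literal form. The following added example (not IBM code; the Combined-Log-Format layout and the sample lines are constructed, since the TS4500's real log format is not stated on the page) runs both the literal query and a decode-then-match version over the same lines so the gap is visible.

```python
"""Added example (not IBM / TS4500 code): running the page's SIEM logic offline
over constructed web-server log lines, with and without URL decoding.
The log layout (Apache Combined Log Format) is an assumption.
"""
import re
from urllib.parse import unquote

# Constructed sample lines, not real TS4500 output. Lines 2, 3 and 5 carry the
# indicators the page names; lines 1 and 4 are benign traffic.
SAMPLE_LOGS = """\
10.0.5.21 - - [12/Jun/2025:10:01:02 +0000] "GET /ui/login HTTP/1.1" 200 1532
10.0.5.77 - - [12/Jun/2025:10:01:09 +0000] "GET /ui/search?q=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 2210
10.0.5.77 - - [12/Jun/2025:10:01:15 +0000] "GET /ui/redirect?url=javascript:void(0) HTTP/1.1" 302 0
10.0.5.21 - - [12/Jun/2025:10:02:30 +0000] "POST /ui/session HTTP/1.1" 401 87
10.0.5.77 - - [12/Jun/2025:10:02:31 +0000] "GET /ui/login?next=%3CSCRIPT%3E HTTP/1.1" 200 1532
"""

# Minimal Combined Log Format parser: source IP, timestamp, method, URI, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Same indicators as the page's query; "<script" (no ">") also catches
# "<script src=..." style tags.
INDICATORS = ("<script", "javascript:")


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalize_uri(uri: str) -> str:
    """Percent-decode up to three times (double encoding is common) and lowercase."""
    decoded = uri
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.lower()


def is_suspicious(uri: str) -> bool:
    """Decode-then-match version of the page's query."""
    norm = normalize_uri(uri)
    return any(ind in norm for ind in INDICATORS)


def scan(log_text: str):
    """Return (source, uri, status) for every line the decoded match flags."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec["uri"]):
            hits.append((rec["src"], rec["uri"], rec["status"]))
    return hits


def literal_query(log_text: str):
    """Exact behaviour of the page's query: case-sensitive, no decoding."""
    return [
        line for line in log_text.splitlines()
        if "<script>" in line or "javascript:" in line
    ]


if __name__ == "__main__":
    print("literal query hits:", len(literal_query(SAMPLE_LOGS)))
    for src, uri, status in scan(SAMPLE_LOGS):
        print(f"decoded match: {src} {status} {uri}")
```

On the constructed lines the literal query flags only the `javascript:` request, while the decoding version flags all three, including the upper-case `%3CSCRIPT%3E` variant; in a real SIEM the equivalent is to apply the platform's URL-decode and lower-case functions to `http_uri` before the `CONTAINS` test.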