CVE-2025-1411

EUVD-2025-18339 | HIGH 7.8 (CVSS 3.1) | 2025-06-15

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 21:57 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 21:57 (euvd), EUVD-2025-18339
CVE Published: Jun 15, 2025 - 13:15 (nvd), HIGH 7.8

Description

IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.

Analysis

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Technical Context

This vulnerability (CWE-250: Execution with Unnecessary Privileges) occurs in IBM Security Verify Directory Container, a containerized identity directory service component. The root cause is architectural: the application process runs with root-level privileges by default instead of following least-privilege containerization patterns. In container environments this is particularly dangerous, as the entire container runtime gains root context. A local user with any level of access (PR:L in CVSS) can exploit improper privilege handling to break out of intended security boundaries. The CWE-250 classification indicates that the developers did not implement the privilege separation or privilege dropping mechanisms common in Unix/Linux security practice.

Affected Products

IBM Security Verify Directory Container: Affected versions include 10.0.0.0, 10.0.1.x, 10.0.2.x, and 10.0.3.0 through 10.0.3.1. The vulnerability is specific to the containerized deployment of Security Verify Directory (not traditional standalone installations). Affected CPE would be: cpe:2.3:a:ibm:security_verify_directory_container:*:*:*:*:*:*:*:* with version constraints 10.0.0.0 to 10.0.3.1. Container-specific deployments on Docker, Kubernetes, and OpenShift platforms using these versions are in scope.

Remediation

Immediate remediation requires upgrading to IBM Security Verify Directory Container version 10.0.4.0 or later. Organizations should:

(1) Apply the latest security patch from IBM Security Advisories.
(2) Implement container security context restrictions (set non-root user in Dockerfile/pod security policy, use read-only root filesystem where possible).
(3) Apply pod security policies in Kubernetes deployments to prevent privileged container execution.
(4) Limit local access via role-based access control and authentication hardening.
(5) Run the container with explicit non-root user definitions (USER directive in container image).

As an interim mitigation while patching, restrict container privileges using Docker/Kubernetes security contexts (securityContext.runAsNonRoot=true, drop ALL capabilities). Consult IBM's official security bulletin for the specific patch version number and deployment guidance.
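
The security-context settings named in this section can be checked mechanically against a pod manifest before and after patching. The following Python audit is an added example, not code from IBM or from this page; the container name, image reference and UID 10001 are constructed placeholders, and it checks only the settings this section lists.

```python
# Constructed manifests (dict form of `kubectl get pod -o json`); the
# container name and image reference are placeholders, not IBM's values.
WEAK_POD = {"spec": {"containers": [
    {"name": "directory", "image": "registry.example/directory:PLACEHOLDER"}]}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "directory",
        "image": "registry.example/directory:PLACEHOLDER",
        "securityContext": {
            "privileged": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
    }],
}}


def effective(pod_sc, ctr_sc, key):
    """Fields settable at both levels: the container value overrides the pod value."""
    return ctr_sc.get(key, pod_sc.get(key))


def audit_pod(pod):
    """Return (container, finding) pairs for the settings the advisory lists."""
    findings = []
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    for kind in ("initContainers", "containers"):
        for ctr in spec.get(kind) or []:
            sc = ctr.get("securityContext") or {}
            name = ctr["name"]
            if effective(pod_sc, sc, "runAsNonRoot") is not True:
                findings.append((name, "runAsNonRoot is not true"))
            if effective(pod_sc, sc, "runAsUser") == 0:
                findings.append((name, "runAsUser is 0 (root)"))
            drops = (sc.get("capabilities") or {}).get("drop") or []
            if "ALL" not in [c.upper() for c in drops]:
                findings.append((name, "capabilities.drop lacks ALL"))
            if sc.get("privileged") is True:
                findings.append((name, "privileged is true"))
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append((name, "readOnlyRootFilesystem is not true"))
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "no findings")
```

With runAsNonRoot set, the kubelet refuses to start a container whose image would run as UID 0, so test the setting against the deployed image before enforcing it.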

Priority Score

39
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0
