Storage Scale 5.2.3.0-5.2.3.5/6.0.0.0-6.0.0.1: Local Perm Escalation
CVE-2025-14604 Published on March 3, 2026

The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2
IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-14604 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.


Products Associated with CVE-2025-14604

Want to know whenever a new CVE is published for IBM Storage Scale? stack.watch will email you.

IBM Storage Scale
 

Affected Versions

IBM Storage Scale:

Exploit Probability

EPSS
0.01%
Percentile
0.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.