IBM Security Verify Directory 10.0.0-10.0.0.3: Malicious File Upload (Container)
CVE-2025-36074 Published on April 22, 2026

Security vulnerability has been detected in IBM Security Verify Directory
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-36074 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
LOW

Weakness Type

What is an Unrestricted File Upload Vulnerability?

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2025-36074 has been classified to as an Unrestricted File Upload vulnerability or weakness.


Products Associated with CVE-2025-36074

Want to know whenever a new CVE is published for IBM Security Verify Directory Container? stack.watch will email you.

IBM Security Verify Directory Container
 

Affected Versions

IBM Security Verify Directory (Container):