CVE-2025-36074
HIGH WAF: Medium
CVSS 7.2
Published: 2026-04-23
CWE-434
IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against the system.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | security_verify_directory | 10.0.0 - 10.0.3 |
References
- www.ibm.com (Vendor Advisory)