IBM Storage Protect SQLi (CVE-2025-13855)
Vendor-confirmed: CVE-2025-13855 is a high-severity SQL injection vulnerability in IBM Storage Protect Server 8.2.0 that grants remote attackers with low privileges database access to steal or manipulate data. Apply the vendor-supplied patch as the primary remediation.
Overview
A high-severity SQL injection vulnerability, tracked as CVE-2025-13855, affects IBM Storage Protect Server version 8.2.0. This flaw allows a remote attacker to send specially crafted SQL commands to the application, which are then executed by the back-end database. Successful exploitation could lead to unauthorized data access or manipulation.
Vulnerability Details
SQL injection occurs when an application fails to properly validate or sanitize user input before incorporating it into a database query. In this case, the IBM Storage Protect Plus Server does not adequately filter input, allowing an attacker to inject malicious SQL code. The CVSS v3.1 base score is 7.6, with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. This indicates the attack can be launched over a network (AV:N) with low complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The impact is high on confidentiality and integrity (C:H/I:H), with no impact on availability (A:N).
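To make the root cause described above concrete, the following added example (not IBM's code and not derived from the affected product) places a query built by string concatenation beside the parameterised form that fixes the class of bug. The in-memory SQLite table, its rows, the node names and the lookup functions are all constructed for illustration and assume nothing about IBM Storage Protect's real schema or database engine.

```python
"""Added example: string-built query vs. parameterised query.

The table, sample rows and function names are constructed for this
illustration only; they do not reflect IBM Storage Protect internals.
"""
import re
import sqlite3

# Allowlist for a node name: letters, digits, dot, dash, underscore.
# Input validation is defence in depth; parameter binding is the real fix.
NODE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def build_catalog():
    """Create a constructed stand-in for a backup catalogue table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE backup_nodes (node_name TEXT, owner TEXT, last_backup TEXT)"
    )
    conn.executemany(
        "INSERT INTO backup_nodes VALUES (?, ?, ?)",
        [
            ("fileserver01", "alice", "2025-11-01"),
            ("dbserver02", "bob", "2025-11-02"),
            ("hrsystem03", "carol", "2025-11-03"),
        ],
    )
    return conn


def lookup_vulnerable(conn, node_name):
    """Weak pattern: untrusted input is spliced into the SQL text.

    Any quote character in node_name changes the statement the database
    executes, which is exactly the failure mode the advisory describes.
    """
    sql = (
        "SELECT node_name, owner FROM backup_nodes "
        f"WHERE node_name = '{node_name}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, node_name):
    """Hardened pattern: fixed statement text, value bound separately.

    The database receives node_name as data, so its characters can never
    alter the query structure. An allowlist check is applied first as
    defence in depth and rejects names the application never expects.
    """
    if not NODE_NAME_RE.match(node_name):
        return []
    sql = "SELECT node_name, owner FROM backup_nodes WHERE node_name = ?"
    return conn.execute(sql, (node_name,)).fetchall()


def demo():
    """Run both lookups with a normal name and a constructed hostile one."""
    conn = build_catalog()
    normal = "fileserver01"
    # Constructed input: closes the quoted literal and appends a tautology.
    # Against the string-built query it matches every row; against the
    # parameterised query it matches nothing.
    tautology = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "param_normal": lookup_parameterised(conn, normal),
        "param_tautology": lookup_parameterised(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Running the block shows the string-built lookup returning all three catalogue rows for the hostile input while the parameterised lookup returns none; the allowlist check on its own would also have rejected the input, but binding is what removes the vulnerability class regardless of which characters a future input contains.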
Impact
If exploited, this vulnerability grants an attacker significant control over the application’s database. The potential consequences include:
- Data Theft: Viewing sensitive information stored in the database, which could include backup metadata, system configurations, or client data.
- Data Manipulation: Adding, modifying, or deleting records within the database, potentially corrupting backup catalogs or altering system settings.
- Further System Compromise: The compromised database access could serve as a foothold for launching additional attacks within the environment.
Remediation and Mitigation
The primary remediation is to apply the official fix provided by IBM. Administrators should immediately consult the IBM Security Bulletin for CVE-2025-13855 to identify the appropriate patch or updated version.
Immediate Actions:
- Patch: Apply the vendor-supplied security update to all affected IBM Storage Protect Server 8.2.0 instances as a priority.
- Inventory: Identify all deployments of the vulnerable software version within your environment.
- Network Controls: As a temporary mitigation, restrict network access to the IBM Storage Protect Server management interfaces to only trusted, necessary IP addresses. This reduces the attack surface.
Until patches are applied, organizations should monitor these systems for any unusual database activity or unauthorized access attempts. For context on how such vulnerabilities can lead to data exposure, recent incidents are detailed in our breach reports.
Security Insight
This SQLi flaw in a core data protection product like IBM Storage Protect is a stark reminder that backup and recovery systems are high-value targets, not just safeguards. Attackers increasingly focus on these platforms to sabotage recovery efforts or exfiltrate large datasets. The persistence of basic injection vulnerabilities in enterprise software underscores the critical need for rigorous secure coding practices and comprehensive testing, even in established, mature product lines.