CVE-2025-36087: 
IBM Security Verify Access (formerly ISAM) vulnerability analysis and mitigation

IBM Security Verify Access and IBM Verify Identity Access products, versions 10.0.0 through 10.0.9 and 11.0.0, contain a security vulnerability related to hard-coded credentials. The vulnerability was disclosed on October 12, 2025, and affects both the standard and container versions of these products. This security issue involves hard-coded credentials, such as passwords or cryptographic keys, which are used for inbound authentication, outbound communication to external components, or encryption of internal data (IBM Advisory).

The vulnerability has been assigned CVE-2025-36087 and is classified under CWE-798 (Use of Hard-coded Credentials). The CVSS v3.1 base score from IBM Corporation is 8.1 (HIGH) with a vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, while the NVD assessment rates it at 9.8 (CRITICAL) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability poses significant security risks as it involves hard-coded credentials that could be exploited for inbound authentication, outbound communication, or internal data encryption. With a CVSS score ranging from 8.1 to 9.8, the impact is considered HIGH to CRITICAL, potentially allowing attackers to compromise system security through unauthorized access (IBM Advisory, NVD).

IBM has released security patches to address this vulnerability. For IBM Security Verify Access, users should update to version 10.0.9 IF2, and for IBM Verify Identity Access, the update to version 11.0.1 is available. No alternative workarounds have been provided (IBM Advisory, ASEC).