CVE-2025-36056 is a medium-severity cross-site scripting (XSS) vulnerability affecting IBM System Storage Virtualization Engine TS7700 versions 8.60.0.115 (including 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115). The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an authenticated user to inject arbitrary JavaScript code into the web user interface. This malicious script can alter the intended functionality of the web UI, potentially leading to the disclosure of credentials within a trusted session. The vulnerability requires the attacker to have authenticated access and some user interaction to trigger the malicious script. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, requiring privileges and user interaction, with a scope change and limited confidentiality and integrity impact but no availability impact. No known exploits are currently reported in the wild, and no official patches or mitigation links have been published yet. The vulnerability affects the management interface of a critical storage virtualization product used in enterprise data centers, which could be leveraged to escalate privileges or move laterally within a network if exploited.

For European organizations, especially those operating large-scale data centers or using IBM TS7700 storage virtualization systems, this vulnerability poses a risk of credential theft and session hijacking within the management interface. Compromise of credentials could allow attackers to gain unauthorized access to storage management functions, potentially leading to data exposure or manipulation. Although the vulnerability requires authenticated access, insider threats or compromised credentials could be leveraged to exploit this flaw. The impact on confidentiality and integrity is moderate, as attackers can inject scripts to steal session tokens or manipulate UI behavior. Availability is not directly affected. Given the critical role of storage virtualization in enterprise infrastructure, exploitation could disrupt business continuity indirectly through unauthorized data access or administrative control. European organizations with compliance requirements around data protection (e.g., GDPR) must consider the risk of data breach resulting from such an exploit.

1. Restrict access to the IBM TS7700 management web interface strictly to trusted administrators and secure networks using network segmentation and strong access controls. 2. Enforce multi-factor authentication (MFA) for all users accessing the management interface to reduce risk from compromised credentials. 3. Monitor and audit all administrative access and web UI interactions for suspicious activity indicative of XSS exploitation attempts. 4. Implement Content Security Policy (CSP) headers on the web interface if configurable, to limit execution of unauthorized scripts. 5. Until an official patch is released, consider deploying web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the management interface. 6. Educate administrators about the risk of XSS and the importance of not clicking on suspicious links or executing untrusted scripts within the management UI. 7. Regularly check IBM security advisories for patches or updates addressing this vulnerability and apply them promptly once available.