
CVE-2025-36104: CWE-277 Insecure Inherited Permissions in IBM Storage Scale

Severity: Medium
Tags: Vulnerability, CVE-2025-36104, CWE-277
Published: Sat Jul 12 2025 (07/12/2025, 11:30:41 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Storage Scale

Description

IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol.

AI-Powered Analysis

Last updated: 08/19/2025, 01:18:23 UTC

Technical Analysis

CVE-2025-36104 is a medium severity vulnerability affecting IBM Storage Scale versions 5.2.3.0 and 5.2.3.1. The issue arises from insecure inherited permissions when files are accessed via the SMB (Server Message Block) protocol: an authenticated user with legitimate access to the system can read sensitive information from files they should not be able to open. The root cause is improper permission inheritance (CWE-277), where permissions set on parent directories or shares are propagated insecurely to child objects. The vulnerability requires no user interaction and can be exploited remotely over the network (AV:N) with low attack complexity (AC:L). The attacker needs low privileges (PR:L), that is, a valid authenticated account but no elevated rights. The impact is confined to confidentiality (C:H), with no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability points to a misconfiguration or design flaw in how IBM Storage Scale handles SMB permission inheritance, potentially exposing sensitive data to unauthorized users within an organization.

Potential Impact

For European organizations using IBM Storage Scale 5.2.3.0 or 5.2.3.1, this vulnerability poses a significant risk to data confidentiality. Since IBM Storage Scale is used for scalable storage solutions, often in enterprise environments handling large volumes of critical data, unauthorized access to sensitive files could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and loss of customer trust. The requirement for authenticated access limits the attack surface to internal or trusted users, but insider threats or compromised credentials could be leveraged to exploit this vulnerability. The lack of impact on integrity and availability reduces the risk of data tampering or service disruption, but the exposure of confidential information alone can have severe legal and financial consequences. Organizations in sectors such as finance, healthcare, and government, where data sensitivity is paramount, are particularly at risk. Additionally, the SMB protocol is commonly used in Windows environments, so mixed OS environments could be affected if IBM Storage Scale is integrated with Windows clients or servers.

Mitigation Recommendations

European organizations should immediately audit their IBM Storage Scale deployments to determine whether versions 5.2.3.0 or 5.2.3.1 are in use. Until an official patch is released, administrators should review and tighten SMB share permissions and inheritance settings so that only authorized users can reach sensitive files. This includes explicitly setting restrictive ACLs (Access Control Lists) on shares and directories, disabling unnecessary SMB shares, and monitoring SMB access logs for unusual activity. Network segmentation should be employed to limit SMB traffic to trusted segments and reduce exposure. Implementing strong authentication mechanisms and enforcing least privilege for users accessing storage resources will also reduce risk. Organizations should subscribe to IBM security advisories for updates and apply patches promptly once available. Additionally, consider deploying Data Loss Prevention (DLP) tools to detect unauthorized data access or exfiltration attempts related to this vulnerability.
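To make the CWE-277 mechanism from the technical analysis and the "explicitly set restrictive ACLs" advice above concrete, here is an added example (not code from the advisory, from IBM, or from Storage Scale). It models a share tree in which directory ACL entries carry an inherit flag, computes each file's effective readers, and flags sensitive files readable by principals outside an allow-list. The ACL model, the share layout, the principal names and the `protected` flag that breaks inheritance are all constructed for the illustration and do not reflect Storage Scale's actual ACL semantics.

```python
"""Constructed model of ACL inheritance (CWE-277). A broad read grant on the
share root with the inherit flag set silently reaches every descendant file;
an explicit, non-inheriting ACL on the sensitive directory stops that.
Not IBM Storage Scale's implementation: a generic illustration only."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Ace:
    principal: str
    perms: Set[str]            # e.g. {"read"} or {"read", "write"}
    inherit: bool = False      # propagate this entry to children


@dataclass
class Node:
    path: str
    is_dir: bool
    acl: Optional[List[Ace]] = None   # None: no explicit entries, inherit only
    protected: bool = False           # True: do not inherit from the parent


class ShareTree:
    def __init__(self):
        self.nodes: Dict[str, Node] = {}

    def add(self, node: Node) -> Node:
        self.nodes[node.path] = node
        return node

    @staticmethod
    def parent(path: str) -> Optional[str]:
        if path == "/":
            return None
        return path.rsplit("/", 1)[0] or "/"

    def effective_acl(self, path: str) -> List[Ace]:
        """Explicit entries plus inheritable entries from every ancestor,
        unless the node is marked protected."""
        node = self.nodes[path]
        entries = list(node.acl or [])
        parent = self.parent(path)
        if parent is not None and not node.protected:
            entries += [a for a in self.effective_acl(parent) if a.inherit]
        return entries

    def readers(self, path: str) -> Set[str]:
        return {a.principal for a in self.effective_acl(path) if "read" in a.perms}


def audit(tree: ShareTree, sensitive: List[str], allowed: Set[str]) -> Dict[str, Set[str]]:
    """Map each sensitive path to the principals that can read it but are
    not on the allow-list; an empty dict means no over-exposure was found."""
    findings = {}
    for path in sensitive:
        extra = tree.readers(path) - allowed
        if extra:
            findings[path] = extra
    return findings


def build(protected_hr: bool) -> ShareTree:
    """Constructed share: a permissive root and an HR directory holding a
    sensitive file. protected_hr=True is the hardened configuration."""
    t = ShareTree()
    t.add(Node("/", True, [Ace("Everyone", {"read"}, inherit=True),
                          Ace("Admins", {"read", "write"}, inherit=True)]))
    t.add(Node("/hr", True,
               [Ace("HR-Team", {"read", "write"}, inherit=True),
                Ace("Admins", {"read", "write"}, inherit=True)],
               protected=protected_hr))
    t.add(Node("/hr/salaries.xlsx", False))
    t.add(Node("/public", True))
    t.add(Node("/public/readme.txt", False))
    return t


SENSITIVE = ["/hr/salaries.xlsx"]
ALLOWED = {"HR-Team", "Admins"}


def insecure_findings() -> Dict[str, Set[str]]:
    """Root's inheritable 'Everyone: read' leaks into /hr/salaries.xlsx."""
    return audit(build(protected_hr=False), SENSITIVE, ALLOWED)


def hardened_findings() -> Dict[str, Set[str]]:
    """/hr carries an explicit ACL and does not inherit, so nothing leaks."""
    return audit(build(protected_hr=True), SENSITIVE, ALLOWED)


if __name__ == "__main__":
    print("insecure:", insecure_findings())
    print("hardened:", hardened_findings())
```

The point of computing effective rather than explicit ACLs is that the sensitive file carries no entry of its own, so an audit that only lists explicit entries would report nothing. A real check against a Storage Scale or Samba deployment would replace `build()` with a walk of the exported share's ACLs, keeping the same effective-readers logic.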


Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:16.298Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68724affa83201eaacb43c17

Added to database: 7/12/2025, 11:46:07 AM

Last enriched: 8/19/2025, 1:18:23 AM

Last updated: 8/24/2025, 12:34:51 AM

