CVE-2025-36239 is a cross-site scripting (XSS) vulnerability identified in IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0. This vulnerability stems from improper neutralization of input during web page generation (CWE-79), allowing an unauthenticated attacker to inject arbitrary JavaScript code into the device's web-based user interface. The injected script executes within the context of a trusted session, potentially altering the intended functionality of the web UI. This can lead to sensitive information disclosure, such as credentials, by capturing session tokens or user input. The vulnerability is remotely exploitable over the network without requiring authentication, but it does require user interaction (e.g., the victim accessing the maliciously crafted page or link). The CVSS v3.1 base score is 6.1, indicating a medium severity level, with the vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This means the attack can be launched remotely with low attack complexity and no privileges, but requires user interaction. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, potentially impacting confidentiality and integrity but not availability. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability affects critical storage infrastructure devices that are often used in enterprise data centers for large-scale data storage and archival purposes. Given the nature of the vulnerability, attackers could leverage it to steal credentials or manipulate the web UI to facilitate further attacks or unauthorized access.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on IBM Storage TS4500 Library systems for critical data storage and archival. Successful exploitation could lead to credential theft, enabling attackers to gain unauthorized access to storage management interfaces or other connected systems. This could compromise data confidentiality and integrity, potentially leading to data breaches or manipulation of stored data. Since the vulnerability requires user interaction, phishing or social engineering campaigns targeting administrators or users with access to the TS4500 web UI could be employed. The disruption of trust in storage management interfaces may also affect operational continuity and compliance with data protection regulations such as GDPR, which mandates strict controls over personal data security. Additionally, the cross-site scripting vulnerability could be a stepping stone for more advanced attacks within the network, increasing the overall risk posture of affected organizations.

1. Immediate mitigation should include restricting access to the IBM Storage TS4500 Library web interface to trusted networks and users only, using network segmentation and firewall rules to limit exposure. 2. Implement web application firewalls (WAFs) capable of detecting and blocking XSS payloads targeting the TS4500 web UI. 3. Educate administrators and users about the risks of clicking on untrusted links or opening suspicious emails that could trigger the XSS attack. 4. Monitor logs and network traffic for unusual activity related to the TS4500 web interface to detect potential exploitation attempts early. 5. IBM should be contacted for official patches or updates; until patches are available, consider disabling or limiting the use of the web UI if operationally feasible. 6. Employ Content Security Policy (CSP) headers if configurable on the device to reduce the impact of injected scripts. 7. Regularly review and update security policies related to device management interfaces, ensuring multi-factor authentication and strong password policies are enforced to reduce the risk of credential compromise.