Security updates: Attackers can paralyze IBM App Connect and Storage Scale

Several software vulnerabilities in IBM App Connect and Storage Scale give attackers multiple points of attack.


Admins who manage installations of IBM App Connect and Storage Scale should update the software promptly. Otherwise, attackers can exploit several security vulnerabilities and compromise systems. No attacks have been reported to date.

The App Connect integration software can be attacked via vulnerabilities in various components such as Node.js and a Python module. These allow attackers to bypass security measures or trigger memory errors (e.g., CVE-2025-6827, “high”), which usually lead to crashes. In addition, data is stored in a database whose cryptographic protection is weaker than expected (CVE-2025-1993, “medium”).

It is not yet known how specific attacks could take place. IBM lists the security updates for App Connect in the warning articles linked below this message.

Among other things, IBM Storage Scale combines data that is stored at different locations and makes it available for retrieval. DoS attacks are possible here, for example in the context of SSH connections (CVE-2025-22869, “high”). In a post, the developers state that they have closed the gaps in versions 5.1.9.9 and 5.2.3.0.

Several security vulnerabilities in IBM Business Automation Workflow recently made headlines. In that case, attackers can, among other things, access credentials that are supposed to be sealed off.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.