Notification
Risk classification
HIPER (High Impact and/or Pervasive)
Risk categories
Data Access Loss
Abstract
Microsoft Windows Server update CVE-2025-49716 disables an API that is used by Storage Scale Cluster Export Services (CES) SMB (Samba Winbind).
Without the API, users can no longer connect to SMB shares served from Storage Scale CES SMB, specifically when idmap-information is stored in Active Directory.
Without the API, users can no longer connect to SMB shares served from Storage Scale CES SMB, specifically when idmap-information is stored in Active Directory.
Description
ID resolution for Active Directory domain users would stop working for all Storage Scale versions as soon as users install the Microsoft patch CVE-2025-49716 .
The Microsoft Windows Server update disables an API that is used by Storage Scale CES SMB (Samba Winbind).
Without the API, users no longer can connect to SMB shares served from Storage Scale CES SMB, specifically when idmap-information is stored in Active Directory.
Users Affected
- All versions of Storage Scale below 5.2.3.2. This includes all versions such as 5.1.x, 5.2.0.x, 5.2.1.x, 5.2.2.x, 5.2.3.0, 5.2.3.1.
- All users running with mmuserauth set to "type AD" and unixmap-domains set
- NFS users are impacted if mmuserauth is configured for AD
- in combination with Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016 (list to be verified)
- All versions of Storage Scale below 5.2.3.2. This includes all versions such as 5.1.x, 5.2.0.x, 5.2.1.x, 5.2.2.x, 5.2.3.0, 5.2.3.1.
- All users running with mmuserauth set to "type AD" and unixmap-domains set
- NFS users are impacted if mmuserauth is configured for AD
- in combination with Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016 (list to be verified)
Below configurations are not affected
- LDAP, NIS and AD with automatic ID-map
- LDAP, NIS and AD with automatic ID-map
Recommended Action
Customers should not apply the Microsoft patch until they upgrade to Storage Scale 5.2.3.2 or apply a Storage Scale interim fix (efix) for their specific Scale version.
If the Microsoft patch CVE-2025-49716 was installed then you can consider a temporary rollback of the Microsoft patch while you plan and execute an upgrade to IBM Storage Scale 5.2.3.2 or an IBM Storage Scale interim fix (efix).
Storage Scale 5.2.3.2 is available for download here:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%2[…]tware/IBM+Storage+Scale&release=5.2.3&platform=All&function=all
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%2[…]tware/IBM+Storage+Scale&release=5.2.3&platform=All&function=all
Additionally, version Stoarge Scale 5.1.9.11 (planned availability early August 2025) will have this fix included.
If you cannot upgrade to 5.2.3.2 at this time you can contact support to ask for an interim fix (efix) via:
APAR IJ55289
Reference ID
R.352111
Date first published
08 July 2025
[{"Risk Classification":"HIPER","Line of Business":{"code":"LOB69","label":"Storage TPS"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"STXKQY","label":"IBM Storage Scale"},"ARM Category":[{"code":"a8m3p000000hAjyAAE","label":"CES"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
17 July 2025
UID
ibm17239096