IBM Support

IT48637: IBM STORAGE INSIGHTS SECURITY APAR FOR CVE-2025-48924

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • CVE ID:CVE-2025-48924
    Description:
    Uncontrolled Recursion vulnerability in Apache Commons Lang.
    This issue affects Apache Commons Lang: Starting with
    commons-lang:commons-lang 2.0 to 2.6, and, from
    org.apache.commons:commons-lang3 3.0 before 3.18.0.
    The methods ClassUtils.getClass(...) can throw
    StackOverflowError on very long inputs. Because an Error is
    usually not handled by applications and libraries, a
    StackOverflowError could cause an application to stop.
    Users are recommended to upgrade to version 3.18.0, which fixes
    the issue.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Storage Insights users                                   *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * SECURITY APAR FOR:                                           *
    * CVE-2025-48924                                               *
    *                                                              *
    * See security bulletin for details:                           *
    * https://www.ibm.com/support/pages/node/7251109               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The fix for this APAR is contained in the following release:
    
    IBM Storage Insights 4Q25   [ 54X-IBM-SI ]
    ( release target 4Q 2025 / November )
    
    To protect IBM Storage Insights against emerging
    security vulnerabilities, the service was updated to
    protected against vulnerabilities.
    
    An upgrade of your IBM Storage Insights Data Collector(s)
    will apply this fix.
    
    If you do not have automatic upgrade enabled, please
    upgrade your Data Collector(s) manually to apply the fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT48637

  • Reported component name

    STORAGE INSIGHT

  • Reported component ID

    5608TPCSI

  • Reported release

    54X

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2025-10-07

  • Closed date

    2025-11-13

  • Last modified date

    2025-11-13

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STORAGE INSIGHT

  • Fixed component ID

    5608TPCSI

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"54X","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]

Document Information

Modified date:
13 January 2026