Multiple severe vulnerabilities have been disclosed in IBM QRadar Suite Software that could allow attackers to access sensitive configuration files and compromise enterprise security infrastructure.
The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and allows unauthenticated users to obtain highly sensitive information from configuration files.
These vulnerabilities affect IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 and QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, prompting immediate remediation efforts across affected organizations.
Configuration File Access Vulnerability
The most critical vulnerability identified in this security bulletin is CVE-2025-25022, which exploits a CWE-260: Password in Configuration File weakness.
This flaw allows unauthenticated attackers within the network environment to access highly sensitive configuration files without requiring any user credentials.
The vulnerability's CVSS vector (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates that attackers can achieve high impact across confidentiality, integrity, and availability with low attack complexity from adjacent networks.
Security researchers have demonstrated that this vulnerability stems from improper access controls on configuration files containing sensitive information, including potential passwords and system configurations.
The attack vector requires adjacent network access, suggesting that attackers who have gained an initial network foothold could exploit this vulnerability to escalate privileges and access critical security infrastructure components.
Organizations using QRadar SIEM for security monitoring and incident response face particularly high risks, as compromised configuration files could expose entire security architectures to malicious actors.
Risk Factors and Details
Affected Products: IBM Cloud Pak for Security 1.10.0.0-1.10.11.0, QRadar Suite 1.10.12.0-1.11.2.0
Impact: Unauthenticated access to sensitive configuration files
Exploit Prerequisites: Adjacent network access
CVSS 3.1 Score: 9.6 (Critical)
Security Flaws Compromise QRadar's Security
Beyond the configuration file vulnerability, IBM identified four additional security flaws that collectively compromise QRadar's security posture.
CVE-2025-25021 presents a code injection vulnerability with a CVSS score of 7.2, allowing privileged users to execute arbitrary code through case management script creation, due to CWE-94: Improper Control of Generation of Code.
This vulnerability requires high privileges but allows full system compromise, as reflected in its CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-25019 addresses session management failures where QRadar SIEM fails to invalidate sessions after logout, classified under CWE-613: Insufficient Session Expiration.
With a CVSS score of 4.8, this vulnerability allows user impersonation attacks through persistent session tokens.
Additionally, CVE-2025-25020 affects API input validation mechanisms, potentially causing denial-of-service conditions, with a CVSS score of 6.5 under CWE-1287: Improper Validation of Specified Type of Input.
The final vulnerability, CVE-2025-1334, involves CWE-525: Use of Web Browser Cache Containing Sensitive Information, allowing local users to access cached sensitive data, with a CVSS score of 4.0.
Action Required for Users
IBM strongly recommends immediate system updates to address these vulnerabilities, emphasizing that organizations must upgrade to version 1.11.3.0 or later.
The company has published comprehensive remediation instructions through its Cloud Pak for Security documentation portal, providing both installation and upgrade pathways for affected systems.
Notably, IBM has not identified any workarounds or mitigations for these vulnerabilities, making system updates the only viable security strategy.
The vulnerabilities were discovered by IBM's internal security team, including researchers John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak.
Organizations should prioritize remediation of CVE-2025-25022 due to its critical CVSS rating and potential for unauthenticated exploitation, while concurrently addressing the remaining vulnerabilities to ensure a comprehensive restoration of their security posture.