Code Execution Vulnerability in IBM MQ Console
CVE-2025-0975

8.8HIGH

Key Information:

Vendor: IBM
Status: MQ
Vendor: CVE Published:; 28 February 2025

Summary

A vulnerability in the IBM MQ console allows an authenticated user to execute arbitrary code. This flaw arises from improper handling of escape characters, posing significant risks to system integrity. Organizations using affected versions should prioritize implementing recommended patches and reviewing security practices to mitigate potential exploits.

Affected Version(s)

MQ 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD

References

https://www.ibm.com/support/pages/node/7183467

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 2, 2025