Multi-Tenant Data Exposure in IBM QRadar SIEM
CVE-2025-13995

5MEDIUM

Key Information:

Vendor: IBM
Status: Qradar
Vendor: CVE Published:; 19 March 2026

What is CVE-2025-13995?

A security flaw in IBM QRadar SIEM versions 7.5.0 through Update Package 14 enables an attacker with access to a single tenant account to potentially access hostname data from another tenant's account. This vulnerability poses a risk to data isolation within the multi-tenant environment of QRadar SIEM, which could lead to unauthorized data exposure across tenant boundaries.

Affected Version(s)

QRadar 7.5.0 <= 7.5.0 Update Pack 14

References

https://www.ibm.com/support/pages/node/7266709

vendor-advisorypatch

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2026
Vulnerability Reserved
Dec 3, 2025

CVE-2025-13995 Data

JSON