Session Management Flaw in IBM QRadar Suite and IBM Cloud Pak for Security
CVE-2025-25019
4.8 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 3 June 2025
What is CVE-2025-25019?
A session management vulnerability exists in IBM QRadar Suite Software and IBM Cloud Pak for Security, where user sessions are not properly invalidated upon logout. This flaw could potentially allow an attacker to impersonate another user, posing significant risks to the integrity and confidentiality of the affected system.
Affected Version(s)
Cloud Pak for Security 1.10.0.0 <= 1.10.11.0
QRadar Suite Software 1.10.12.0 <= 1.11.2.0
CVSS V3.1
- Score: 4.8
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak