Session Management Flaw in IBM QRadar Suite and IBM Cloud Pak for Security
CVE-2025-25019

4.8 MEDIUM

Key Information:

Vendor

IBM

CVE Published: 3 June 2025

What is CVE-2025-25019?

A session management vulnerability exists in IBM QRadar Suite Software and IBM Cloud Pak for Security, where user sessions are not properly invalidated upon logout. This flaw could potentially allow an attacker to impersonate another user, posing significant risks to the integrity and confidentiality of the affected system.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.11.2.0

References

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak