Denial of Service Vulnerability in IBM QRadar Suite and IBM Cloud Pak for Security
CVE-2025-25020

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 3 June 2025

What is CVE-2025-25020?

The vulnerability exists in various versions of IBM QRadar Suite Software and IBM Cloud Pak for Security, where failure to properly validate API data input can be exploited by an authenticated user. This inadequate data validation may lead to a denial of service, impacting the reliability and availability of the affected systems. Organizations using these platforms should ensure they are running the latest versions to mitigate potential risks.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.11.2.0

References

https://www.ibm.com/support/pages/node/7235432

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
Jan 31, 2025

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak