Privilege Escalation Vulnerability in IBM QRadar Suite and Cloud Pak for Security
CVE-2025-25021

7.2HIGH

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 3 June 2025

What is CVE-2025-25021?

A vulnerability exists in IBM QRadar Suite Software and IBM Cloud Pak for Security that may allow an attacker to execute arbitrary code during case management script creation due to inadequate code generation mechanisms. This flaw potentially exposes sensitive systems to unauthorized operations, which could compromise system integrity and security.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.11.2.0

References

https://www.ibm.com/support/pages/node/7235432

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
Jan 31, 2025

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak