Information Disclosure in IBM QRadar Suite and Cloud Pak for Security
CVE-2025-25022
9.6 CRITICAL
Key Information:
- Vendor: IBM
- CVE Published: 3 June 2025
What is CVE-2025-25022?
IBM QRadar Suite and Cloud Pak for Security are vulnerable to a security flaw that may allow an unauthorized user to access highly sensitive configuration information. This vulnerability potentially exposes critical data within the affected environments, posing significant risks for organizations relying on these products for security management. Proper security measures and updates are essential to mitigate this exposure.
Affected Version(s)
Cloud Pak for Security 1.10.0.0 <= 1.10.11.0
QRadar Suite Software 1.10.12.0 <= 1.11.2.0
CVSS V3.1
- Score: 9.6
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak