Information Disclosure in IBM QRadar Suite and Cloud Pak for Security
CVE-2025-25022

9.6 CRITICAL

Key Information:

Vendor: IBM

CVE Published: 3 June 2025

What is CVE-2025-25022?

IBM QRadar Suite and Cloud Pak for Security are vulnerable to a security flaw that may allow an unauthorized user to access highly sensitive configuration information. This vulnerability potentially exposes critical data within the affected environments, posing significant risks for organizations relying on these products for security management. Proper security measures and updates are essential to mitigate this exposure.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.11.2.0

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak