Information Disclosure in IBM QRadar Suite and Cloud Pak for Security
CVE-2025-25022

9.6CRITICAL

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 3 June 2025

What is CVE-2025-25022?

IBM QRadar Suite and Cloud Pak for Security are vulnerable to a security flaw that may allow an unauthorized user to access highly sensitive configuration information. This vulnerability potentially exposes critical data within the affected environments, posing significant risks for organizations relying on these products for security management. Proper security measures and updates are essential to mitigate this exposure.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.11.2.0

References

https://www.ibm.com/support/pages/node/7235432

vendor-advisory

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
Jan 31, 2025

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak