Stored Cross-Site Scripting in IBM QRadar SIEM Web Interface
CVE-2025-33118
6.4MEDIUM
What is CVE-2025-33118?
IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 12 are susceptible to a stored cross-site scripting vulnerability. This security issue enables authenticated users to inject arbitrary JavaScript code into the Web UI, which can modify the user interface's intended behavior. Such manipulation poses significant risks, including the potential for credential disclosure within a trusted session, thereby compromising user security.
Affected Version(s)
QRadar SIEM 7.5 <= 7.5.0 Update Pack 12
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak