Unauthorized Access Vulnerability in IBM MQ Operator Products
CVE-2025-36041
4.7 MEDIUM
What is CVE-2025-36041?
A vulnerability in IBM MQ Operator configurations can lead to exposure of sensitive information. Specifically, the Native HA CRR setup may utilize a private key and chain different from the intended configuration. This mismanagement of security credentials can enable attackers to gain unauthorized access or conduct illicit actions. Organizations utilizing affected IBM products should review their configurations to enhance security and mitigate potential risks.
Affected Version(s)
MQ Operator 2.0.0 LTS <= 2.0.29 LTS
MQ Operator 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD
MQ Operator 3.2.0 SC2 <= 3.2.10 SC2
CVSS V3.1
Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved