Unauthorized Access Vulnerability in IBM MQ Operator Products
CVE-2025-36041

4.7 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 15 June 2025

What is CVE-2025-36041?

A vulnerability in IBM MQ Operator configurations can lead to exposure of sensitive information. Specifically, the Native HA CRR setup may use a private key and certificate chain different from the ones intended by the configuration. This mishandling of security credentials can enable attackers to gain unauthorized access or perform unauthorized actions. Organizations running affected IBM products should review their configurations to mitigate the risk.

Affected Version(s)

MQ Operator 2.0.0 LTS <= 2.0.29 LTS

MQ Operator 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD

MQ Operator 3.2.0 SC2 <= 3.2.10 SC2

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
