Cross-Site Scripting Vulnerability in IBM QRadar SIEM Dashboard
CVE-2025-36042

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Siem
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-36042?

The IBM QRadar SIEM Dashboard in versions 7.5 and 7.5.0 is susceptible to a cross-site scripting vulnerability. This flaw enables authenticated users to inject malicious JavaScript code into the Web UI. Such exploitation can compromise the integrity of user sessions, potentially allowing attackers to access sensitive information and impair the functionality of the dashboard. Organizations utilizing these versions should consider applying the necessary patches to mitigate this risk.

Affected Version(s)

QRadar SIEM 7.5 <= 7.5.0 Update Pack 13

References

https://www.ibm.com/support/pages/node/7242869

vendor-advisorypatch

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak