Denial of Service Vulnerability in IBM MQ by IBM
CVE-2025-36128

7.5HIGH

Key Information:

Vendor: IBM
Status: MQ
Vendor: CVE Published:; 16 October 2025

What is CVE-2025-36128?

IBM MQ versions 9.1, 9.2, 9.3 LTS, 9.4 LTS, and the Cloud Deploy versions 9.3 and 9.4 are susceptible to a denial of service attack due to insufficient enforcement of timeouts on individual read operations. This weakness can be exploited by an attacker employing slowloris-type techniques, potentially leading to service disruption and making the system unresponsive. It is essential for users of affected versions to apply available patches to mitigate these risks.

Affected Version(s)

MQ 9.1

MQ 9.2

MQ 9.3

References

https://www.ibm.com/support/pages/node/7244480

vendor-advisorypatch

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Apr 15, 2025

JSON