CVE-2025-25022

CRITICAL

IBM QRadar Suite Software <1.11.2.0 & IBM Cloud Pak for Security <1...

Title source: llm

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.

References (1)

Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7235432

Scores

CVSS v3 9.6
EPSS 0.0012
EPSS Percentile 29.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-260
Status published
Products (2)
ibm/cloud_pak_for_security 1.10.0.0 - 1.10.11.0
ibm/qradar_suite 1.10.12.0 - 1.11.2.0
Published Jun 03, 2025
Tracked Since Feb 18, 2026