CVE-2025-33013

MEDIUM

IBM MQ Operator - Info Disclosure

Title source: llm

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

References (1)

Scores

CVSS v3 6.2
EPSS 0.0001
EPSS Percentile 2.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-212 CWE-244
Status published

Affected Products (50)

ibm/mq_operator < 2.0.29
ibm/mq_operator < 3.2.13
ibm/mq_operator < 3.6.0
ibm/mq_operator
ibm/mq_operator
ibm/mq_operator
ibm/mq_operator
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
ibm/supplied_mq_advanced_container_images
... and 35 more

Timeline

Published Jul 24, 2025
Tracked Since Feb 18, 2026