CVE-2025-36041

MEDIUM

IBM MQ Operator 2.0.0-2.0.29, 3.1.0-3.1.3, 3.2.0-3.2.12 - Improper Certificate Validation in Native HA CRR

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-36041. PoCs published by byteReaper77.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2025-36041, which bypasses SSL certificate validation in IBM MQ by injecting a fake SSL KeyRepository. The exploit establishes an unauthorized connection to an IBM MQ server and sends a test message to confirm successful exploitation.

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Exploits (1)

nomisec WORKING POC 2 stars
by byteReaper77 · poc
https://github.com/byteReaper77/CVE-2025-36041

This repository contains a functional proof-of-concept exploit for CVE-2025-36041, which bypasses SSL certificate validation in IBM MQ by injecting a fake SSL KeyRepository. The exploit establishes an unauthorized connection to an IBM MQ server and sends a test message to confirm successful exploitation.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: IBM MQ (Message Queue) Service
No auth needed
Prerequisites: IBM MQ Client SDK (headers and libraries) · argparse.h for command-line parsing · GCC or compatible C compiler · Fake SSL KeyRepository directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7236608

Scores

CVSS v3 4.7
EPSS 0.0031
EPSS Percentile 22.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-295
Status published
Products (20)
ibm/mq_operator 3.0.0
ibm/mq_operator 3.0.1
ibm/mq_operator 3.3.0
ibm/mq_operator 3.4.0
ibm/mq_operator 3.4.1
ibm/mq_operator 3.5.0
ibm/mq_operator 2.0.0 - 2.0.29
ibm/mq_operator 2.2.0 - 2.2.2
ibm/mq_operator 3.1.0 - 3.1.3
ibm/mq_operator 3.2.0 - 3.2.12
... and 10 more
Published Jun 15, 2025
Tracked Since Feb 18, 2026