IBM has issued a security bulletin highlighting multiple vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms.
The flaws, which range from medium to critical severity, could enable attackers to compromise sensitive data, execute arbitrary code, or disrupt service operations.
Security experts and IBM strongly recommend that all affected organizations upgrade to the latest version without delay.
Critical Flaws Uncovered:
The vulnerabilities identified affect QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0.
Each vulnerability is cataloged with a CVE identifier and scored using the Common Vulnerability Scoring System (CVSS v3.1), which quantifies the risk based on exploitability and impact.
Key vulnerabilities include:
CVE-2025-25022 (CVSS 9.6, Critical): This vulnerability allows unauthenticated users to access highly sensitive information, such as passwords, stored in configuration files. It is classified under CWE-260: Password in Configuration File, and could facilitate privilege escalation or broader system compromise.
CVE-2025-25021 (CVSS 7.2, High): Improper code generation in case management scripts enables privileged users to execute arbitrary code. This is a classic code injection flaw (CWE-94), potentially allowing attackers to run malicious commands within administrative contexts.
CVE-2025-25019 (CVSS 4.8, Medium): The software fails to invalidate sessions after logout (CWE-613), opening the door to session hijacking and user impersonation.
CVE-2025-1334 (CVSS 4.0, Medium): Web pages are stored locally and may be read by other users on the same system, risking sensitive data exposure in shared environments (CWE-525).
CVE-2025-25020 (CVSS 6.5, Medium): Inadequate API input validation (CWE-1287) allows authenticated users to cause denial of service (DoS) by submitting malformed data, potentially crashing critical services.
Technical codes and terms:
CWE (Common Weakness Enumeration): Classification of software weaknesses such as CWE-260 (Password in Configuration File) and CWE-94 (Code Injection).
CVSS (Common Vulnerability Scoring System): Industry-standard method for rating IT vulnerabilities, with scores from 0 (none) to 10 (critical).
Session Hijacking: Exploiting session management flaws to impersonate users.
Denial of Service (DoS): Disrupting the normal operation of a service, often by exploiting input validation weaknesses.
Risk Factor Table:
Immediate Remediation and Best Practices
IBM urges all customers to upgrade to QRadar Suite Software version 1.11.3.0 or later, which addresses all five vulnerabilities.
No workarounds or mitigations are available for these issues, making prompt patching essential.
Detailed upgrade instructions are provided in IBM’s official documentation.
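As an added example (not IBM's tooling and not part of the original article), the Python below triages a deployment inventory against the affected ranges and the fixed release quoted above. The host names, inventory and status labels are constructed assumptions; versions are compared numerically because a plain string comparison would rank 1.10.9.0 above 1.10.11.0 and miss an affected system.

```python
import re

# Inclusive affected ranges and the fixed release, as stated in the article.
AFFECTED = {
    "QRadar Suite Software": ((1, 10, 12, 0), (1, 11, 2, 0)),
    "Cloud Pak for Security": ((1, 10, 0, 0), (1, 10, 11, 0)),
}
FIXED = (1, 11, 3, 0)

def parse_version(text):
    """Turn '1.10.12.0' into (1, 10, 12, 0); raise ValueError otherwise."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (4 - len(parts))  # pad short versions such as '1.11'
    return tuple(parts)

def triage(product, version):
    """Return 'affected', 'fixed', 'review' or 'unparseable' (labels are assumptions)."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"  # do not guess; look at the system by hand
    if product in AFFECTED:
        low, high = AFFECTED[product]
        if low <= v <= high:  # tuple comparison is numeric per component
            return "affected"
    if v >= FIXED:
        return "fixed"
    return "review"  # outside the ranges the article lists; check the IBM bulletin

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("soc-a", "QRadar Suite Software", "1.10.12.0"),
    ("soc-b", "QRadar Suite Software", "1.11.3.0"),
    ("soc-c", "Cloud Pak for Security", "1.10.9.0"),
    ("soc-d", "Cloud Pak for Security", "1.9.2.0"),
    ("soc-e", "QRadar Suite Software", "1.11.x"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```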
Best practices include:
Regularly monitor and apply security updates.
Review session management and input validation mechanisms.
Limit access to sensitive configuration files and monitor for unauthorized access.
IBM’s Security Ethical Hacking Team, including John Zuccato and others, is credited for identifying these flaws, underscoring the importance of continuous security research and responsible disclosure.
These vulnerabilities highlight the ongoing risks in complex security platforms.
Organizations using IBM QRadar Suite Software or Cloud Pak for Security should act immediately to mitigate exposure, as exploitation could lead to severe data breaches or operational disruptions.