Several components of IBM’s security solution QRadar SIEM are vulnerable. Attackers who successfully exploit the vulnerabilities can, among other things, trigger denial-of-service (DoS) conditions that crash services. If the protection the application is supposed to provide is lost, the consequences can be fatal.
Although no attacks have been reported to date, admins should not wait too long to install the security updates. In a warning message, the developers state that versions 7.5 up to and including 7.5.0 UP13 IF01 are vulnerable. They state that the issues are fixed in the QRadar 7.5.0 UP13 IF02 release.
Various threats
According to the descriptions, the application cannot be attacked directly, only via vulnerabilities in components such as the Linux kernel. The vulnerabilities that have been closed are rated with a threat level of “high”. Attackers can primarily trigger memory errors and thereby crash instances (e.g. CVE-2025-49083). In the worst case, however, malicious code can also reach systems and compromise them. It is currently unclear how such attacks could work in detail.
In addition to the Linux kernel, components such as CPython, Cryptography and Podman are also vulnerable. The developers explain in a post that they have also closed a vulnerability in QRadar SIEM itself (CVE-2025-0164, “low”). To exploit it, however, an attacker must already have certain rights. If so, they can change the configuration.
At the end of August this year, the IBM developers secured QRadar SIEM against possible attacks. In this case, attackers were able to obtain higher user rights.
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.