What vulnerabilities has IBM disclosed for QRadar Suite Software?

IBM has issued a security bulletin addressing multiple vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms, including five security flaws ranging from CVSS scores of 4.0 to 9.6, with the most severe allowing unauthenticated attackers to access configuration files containing passwords and critical system information.

What is the most critical vulnerability in IBM QRadar Suite?

CVE-2025-25022 with a CVSS score of 9.6 is the most critical vulnerability. It's a 'Password in Configuration File' flaw that allows unauthenticated users in the environment to obtain highly sensitive information stored in configuration files, potentially facilitating privilege escalation or broader system compromise.

What are the other IBM QRadar vulnerabilities and their severity scores?

The other vulnerabilities include CVE-2025-25021 (CVSS 7.2) for improper code generation allowing arbitrary code execution, CVE-2025-25020 (CVSS 6.5) for improper input validation causing denial of service, CVE-2025-25019 (CVSS 4.8) for insufficient session expiration enabling user impersonation, and CVE-2025-1334 (CVSS 4.0) for web browser cache exposure of sensitive information.

How can attackers exploit the CVE-2025-25021 vulnerability?

CVE-2025-25021 is an 'Improper Control of Generation of Code' vulnerability that enables privileged users to execute arbitrary code through improper code generation in case management scripts, potentially allowing attackers to run malicious commands within administrative contexts.

What is the impact of the session expiration vulnerability in IBM QRadar?

CVE-2025-25019 is an insufficient session expiration vulnerability where the software fails to invalidate sessions after logout. This enables user impersonation attacks through persistent session tokens that remain valid even after users have logged out.

What patch is available for the IBM QRadar vulnerabilities?

Users should update their systems to QRadar Suite Software version 1.11.3.0 or later to address all the disclosed vulnerabilities. No workarounds or temporary mitigations are available.

Are there any workarounds for the IBM QRadar vulnerabilities?

No, IBM has stated that no workarounds or temporary mitigations are available for these vulnerabilities. Users must update to the patched version 1.11.3.0 or later.

What products are affected by these IBM security vulnerabilities?

The vulnerabilities affect IBM QRadar Suite Software and IBM Cloud Pak for Security platforms, which are enterprise security information and event management (SIEM) and security orchestration solutions.

Advisory

IBM reports multiple flaws in QRadar Suite, including one critical

published: June 4, 2025

Take action: Your IBM QRadar Suite Software stores passwords from configuration files which can be accessed without authentication. Make sure that QRadar is isolated and accessible only from trusted networks. Then patch to version 1.11.3.0 or later ASAP - because isolation can be broken and malicious insiders can still exploit the flaw.

Learn More

IBM has issued a security bulletin addressing multiple vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms, with the most severe flaw allowing unauthenticated attackers to access configuration files containing passwords and other critical system information.

Vulnerabilities summary

CVE-2025-25022 (CVSS score 9.6) - Password in Configuration File and could facilitate privilege escalation or broader system compromise. It allows unauthenticated users in the environment to obtain highly sensitive information stored in configuration files. This vulnerability stems from passwords being stored in configuration files.
CVE-2025-25021 (CVSS score 7.2) - Improper Control of Generation of Code and potentially allows attackers to run malicious commands within administrative contexts. It enables privileged users to execute arbitrary code through improper code generation in case management scripts.
CVE-2025-25020 (CVSS score 6.5) - Improper Validation of Specified Type of Input and could be exploited to crash critical security services. It allows authenticated users to cause denial of service attacks due to improper validation of API data input.
CVE-2025-25019 (CVSS score 4.8) - Insufficient Session Expiration. It's an insufficient session expiration where the software fails to invalidate sessions after logout. It enables user impersonation attacks through persistent session tokens.
CVE-2025-1334 (CVSS score 4.0) - Use of Web Browser Cache Containing Sensitive Information. It allows web pages to be stored locally and read by other users on the same system. This vulnerability exposes sensitive data in shared environments.

The vulnerabilities affect QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Users should update their systems to QRadar Suite Software version 1.11.3.0 or later. No workarounds or temporary mitigations are available.

IBM reports multiple flaws in QRadar Suite, including one critical

Read More
Critical vulnerability discovered in IBM i Systems (AS/400) …
Critical Cisco IMC Authentication Bypass Allows Remote Administrative …
VMware patches multiple actively exploited vulnerabilities, at least …
Systemic Design Flaw in MCP Protocol Exposes AI …
CISA warns that SolarWinds Web Help Desk flaw …