CVE-2025-0985

CWE-526 CWE-2713 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 73.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 28

Description

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

▶CVEListV5ibm/mq9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD

▶NVDibm/mq9.3.0, 9.4.0+1

CVEList

IBM MQ information disclosure↗2025-02-28

▶

Microsoft

PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL↗2024-02-13

▶