CVE-2025-1333 — Invocation of Process Using Visible Sensitive Information in IBM MQ Operator
Severity
6.5 MEDIUM (NVD)
CNA: 6.0
EPSS
0.2%
top 63.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 1
Latest update: Feb 11
Description
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 3 packages
🔴 Vulnerability Details
21GHSA
GHSA
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity (2025-09-09)
📋 Vendor Advisories
31Microsoft
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Poin (2026-02-10)
Red Hat
PyMdown: pymdown-extensions: PyMdown Extensions: Regular Expression Denial of Service in figure caption extension (2025-12-16)